Privacy policy

Last updated: 11.09.2020

The responsible party for processing your personal data is Funestra Ltd., Mladena Fiolića 12 i, Zagreb, OIB:87939378078, MBS:081190351, and the person responsible for data protection is the director of Funestra Ltd. Thank you for choosing to be part of our Zoyya community. We are committed to protecting your personal data and your right to privacy. If you have any questions or concerns regarding our rules or practices regarding the processing of your personal data, please contact us at the email address [email protected]. You can find all information about the protection of your personal data at the following link:
Data Protection based on the General Data Protection Regulation.

Who should be familiar with this privacy policy?

This policy may apply to you if you are:

A partner using our platform
An end user of our services or
A visitor to our websites

When you visit our website www.zoyya.com and use our services, you entrust us with your personal data. We take your privacy very seriously. Through this privacy policy, we want to explain in the clearest way possible what data we collect, how we process it, for what purposes we use it, how long we retain it, how you can control all our actions, and what rights you have regarding your personal data.

These privacy rules apply to all data collected through our websites (such as www.zoyya.com ), our mobile application, and all related services, sales, marketing, or events (in this privacy policy, collectively referred to as "websites" or "website").

Please read this privacy policy carefully as it will help you make informed decisions about sharing your personal data with us.

If there are any terms in this privacy policy with which you do not agree, please discontinue the use of our website and our services, and we will be happy to answer any questions you may have.

The terms we use in this privacy policy, which have gender significance, are used neutrally and apply equally to both female and male genders.

WHAT DATA DO WE COLLECT?

Your personal data voluntarily provided by you

In short: We collect personal data voluntarily provided by you, i.e., those that you manually enter on our pages

Specifically, these are name, email, mobile phone number, address, gender, and date of birth. In addition, we may collect data about social media login if you give us your consent and connect your account with a social media account. We cannot access payment instrument data (such as credit/debit card number or bank account number), but we will enable our payment processor to collect them through our website.

The personal data we collect depend on the type of interaction you have with us and our websites, your choices, the products, and features you use. By entering personal data in the designated fields, you give your consent for the use of the provided data for the intended purpose.

The data we collect may include the following:

Name and contact information: We collect your name, email address, postal address, phone number, gender, date of birth, and IP address.

Credentials: We do not store your password in the system, but we collect password instructions and similar security data used for account recovery.

Payment information: We do not have access to these data. The payment processor collects the necessary payment processing data if you make a purchase, such as your payment instrument number (such as credit/debit card number or bank account number) and the security code associated with your payment instrument. We refer you to their privacy policy (www.braintree.com) to contact them directly for any questions. We cannot see your payment instrument data, nor do we need them. (https://www.braintree.com/legal) Social media login data:

We provide the option to register through social media account data, such as your Google, Facebook, Twitter, or other social media account. If you choose to register this way, we will collect the data described in the section entitled "HOW DO WE PROCESS SOCIAL MEDIA LOGINS" below. All personal data you provide us with must be true, complete, and accurate, and it is important to inform us of any changes to the personal data you have provided.

Automatically collected data

Some data - such as your computer's IP address or browser and device characteristics - are automatically collected when you visit our websites.

In short: We automatically collect certain data when you visit, use, or browse our websites. These data do not reveal your identity (such as your name or contact information), but may include device and usage data, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our website, and other technical information. This information is primarily needed to maintain the security and operation of our websites, and for internal analytics and reporting purposes.

We also collect information through cookies and similar technologies. You can learn more about this in our

Cookie Policy Data collected through our applications.

When using our Applications, we may collect data about your geographic location, mobile device, delivered notifications, and Facebook permissions.

In short: If you use our Applications, we may collect the following data:

Geographic location data:

We may request access to or permission for location-based data from your mobile device, continuously or while using our mobile application, to provide location-based services. If you want to change our access or permissions, you can do so in your device settings. Mobile device access:
We may request access to or permission for certain features from your mobile device, including the calendar, contacts, reminders, SMS messages, or social media accounts. If you want to change our access or permissions, you can do so in your device settings. Mobile device data:
We may automatically collect data about your device (such as your device ID, model, and manufacturer), operating system, version information, and IP address. Application messages (push notifications):
Application messages (push notifications): We may ask to send you notifications regarding your account or mobile application. If you wish to opt out of receiving these types of communications, you can disable them in your device settings.

Data collected from other sources

In short: We may collect limited data from public databases, marketing partners, social media platforms, and other external sources.

We may obtain data about you from other sources, such as public databases, shared marketing partners, social media platforms (such as Facebook), as well as from other third parties, solely with your consent, i.e., if you link your account with a third party to your account with us. Such data may include: social media profile data (your name, gender, birthday, email, current city and country, user identification tags for your contacts, profile picture URL, and any other data you choose to make public); marketing offers and search results, including paid advertisements (such as sponsored links).

HOW DO WE PROCESS YOUR DATA, FOR WHAT PURPOSES, AND ON WHAT LEGAL BASES?

In short: We process your data for purposes based on compliance with our legal obligations, performance of our contract or relationship with you, legitimate business interests, and/or your consent.

First and foremost, we specify that we only process personal data that is necessary for the exact purpose and use that data only for established, clear, legitimate, and expected purposes.

We base the processing of your data on the following legal bases:

Consent: We may process your data only if you have given us consent to use your personal data for specific purposes.
Contractual performance: If we have entered into a contract with you, we may process your personal data to fulfill the terms of our contract.
Legal obligations: We may disclose your data where required by law to comply with applicable regulations or by the order of a court or other authority, as part of a judicial, administrative, or other legal process (including responses from government bodies to fulfill national security or law enforcement requests).
Legitimate interests: We may disclose your data where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the security of any person, and unlawful activities, or as evidence in legal proceedings in which we are involved.

The data we collect or receive is used for the purpose of:

Creating a user account and login. If you choose to connect your account with us to a third-party account (such as your Google or Facebook account), we use the data you have allowed us to collect from those third parties to create an account and login to fulfill the contract. For more information, please refer to the section below titled 'HOW DO WE PROCESS SOCIAL MEDIA LOGINS?'
Sending marketing and promotional communications. We and/or our third-party marketing partners may use the personal data you provide to us for marketing purposes, if in line with your marketing preferences. You can unsubscribe from our marketing email messages at any time, and we also refer you to the section below titled 'WHAT ARE YOUR RIGHTS REGARDING THE PROCESSING OF YOUR DATA?'
Sending administrative information. We may use your personal data to send you information about the product, service, and new features, or information about changes to our terms and policies, but only if we have obtained your consent and during the period of obtained consent.
Posting reviews on our websites. On our Services or Applications, we post reviews that may contain personal data. Before posting a review, we will obtain your consent to use your name and review. If you want to update or delete your review, please contact us at [email protected] and please provide your name, review location, and contact information.
Targeted advertising for you. We may use your data to develop and display content and advertising (and work with third parties to do so) tailored to your interests or location and measure its effectiveness, but only if we have obtained your consent and during the period of obtained consent.
Requesting feedback. We may use your data to request feedback from you and to contact you regarding your use of our Services or Applications, but only if we have obtained your consent and during the period of obtained consent.
Protecting our services. We may use your data as part of our efforts to protect and secure our Services or Applications (for example, to monitor and prevent fraud).
Enabling communication between service providers and users. We may use your data to enable communication between you and a service provider to facilitate the provision of the service and enhance the quality of service delivery.
Managing user accounts. We may use your data to manage user accounts and maintain them in good condition during the duration of our business relationship.
Providing services to the user. We may use your data to provide the requested service.
Responding to user inquiries and providing customer support. We may use your data to respond to your inquiries and resolve any issues related to your use of our Services and Applications.
Business purposes. We may use your data for other business purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns, and assessing and improving our Services or Applications, products, marketing, and your experience. We may use and store such data in aggregated and anonymized form that is not associated with individual end users and does not include personal data. We will not use identifiable personal data without your consent.

WILL YOUR DATA BE SHARED WITH ANYONE?

In short: We do not sell, rent, or lend your information to unrelated third parties.

We do not disclose or transfer your personal data to unrelated third parties. Your personal data is securely stored on our or an external server of our choice and in our business premises, which provide adequate technical and organizational measures to ensure compliance with the requirements of the General Data Protection Regulation and to ensure the protection of your rights.

We will limit the data we disclose and transmit to the minimum necessary, sharing only the personal data necessary for the processing purpose for which they were provided.

All legal and physical persons to whom we disclose your personal data have an obligation to maintain confidentiality within the contractual relationship and have also implemented organizational and technical security measures.

Certain data may be disclosed to the authorities of the Republic of Croatia upon their request in order to comply with obligations prescribed by the laws of the Republic of Croatia.

Your personal data is not transferred to any third country, international organization, or recipient in a third country.

More specifically, we may need to share your personal data in the following situations:

Suppliers, consultants, and other third-party service providers. We may share your data with third-party suppliers, service providers, contractors, or agents who perform services for us or on our behalf and require access to such data to achieve that. Examples include: package delivery, payment processing, data analysis, email delivery, hosting services, customer service, and marketing efforts. We may allow selected third parties to use tracking technologies (such as Google Analytics) on the Services or Applications, which will enable them to collect data about your interaction with our Services or Applications over time. This information may be used, among other things, for data analysis and tracking, determining the popularity of certain content, and gaining a better understanding of online activities. Beyond the cases mentioned above, we do not share your data with third parties for their promotional purposes.
Business transfers. We may share or transfer your data in connection with or during negotiations of any merger, sale of company assets, financing, or acquisition of all or part of our business to another company.
Business partners. We may share your data with our business partners to offer you specific products, services, or promotions. If you are our business partner and we have issued an invoice for our services, we will forward your data to the accounting office that performs accounting and bookkeeping services for us, for the purpose of fulfilling obligations based on accounting, bookkeeping, and tax regulations. For this purpose, we disclose your data to the Tax Administration as the recipient of personal data. If communication related to the execution of rights and obligations from your contractual relationship with us is conducted via regular mail, your personal data, including your name and address, is disclosed to legal persons engaged in the delivery of postal items who need to know this information in order to perform the delivery service.
Other users. When you share personal information (for example, by posting comments, contributions, or other content in the Services or Applications) or otherwise communicate in public areas of the Services or Applications, such personal information may be viewed by all users and may be publicly distributed outside the Service or Application. If you communicate with other users of our services or applications and register through a social media account (such as Facebook), your social media contacts will see your name, profile picture, and descriptions of your activity. Similarly, other users will be able to view descriptions of your activity, communicate with you within our Services or Applications, and view your profile.

We have categorized each party in detail to make it easy for you to understand the purpose of our data collection and processing practices. If we have processed your data based on your consent and you wish to withdraw your consent, please contact us.

Connecting to your third-party user accounts
Facebook account and Google account, if you use them to log in to the Application
Advertising, direct marketing, and lead generation
Google AdSense and Facebook Audience Network may customize the ads you see while using the Internet
Cloud computing and data backup
Microsoft Azure, our data is stored in the cloud
Sending SMS and WhatsApp messages
Twilio and WhatsApp, if you wish to receive reminders and information about your appointments
Marketing and generating statistical reports
Google Analytics and Facebook Custom Audience help us identify our target audiences
Providing support to our users
Intercom, we use it for messaging with you, publishing articles, and presenting how to use the Application
Internet payment (this data can never be visible to us)
Mollie, if you are a partner who pays for the use of our Services via the Internet.

DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In short: We may use cookies and other tracking technologies for data collection and storage.

We may use cookies and similar tracking technologies (such as web beacons and pixels) to access or store data.

Cookies are small text files that the internet server places on the user's computer, through which the service provider accesses the internet and displays the website.

Cookies are created when the browser on the user's device loads the visited web destination, which then sends data to the browser and creates a text file (cookie). The browser retrieves and sends the cookie to the website server when the user returns to it.
On our websites, we use technical cookies (necessary cookies that cannot be turned off) that are necessary for the functioning of the website, functional cookies (can be turned off) that allow the website to provide enhanced functionality and personalization, and marketing cookies (can be turned off) that enable tracking of visits and traffic sources to measure and improve the effectiveness of our website.

You can find more information in our Cookie Policy.

DO WE USE GOOGLE MAPS?

In short: Yes, we use Google Maps to provide a better service.

This website, mobile application, or Facebook application uses Google Maps APIs. Here you can find the Terms of Service for Google Maps API. To better understand Google's privacy policies, please reviewthis link.

By using our Maps API implementation, you agree to be bound by Google's Terms of Service.

HOW DO WE HANDLE SOCIAL MEDIA LOGIN?

In short: If you choose to register or log in to our services using social media accounts, we may have access to certain information about you.

Our services or applications offer you the option to register and log in using your third-party account data on social media (such as your Google, Facebook, or Twitter data). Where you choose to do this, we will receive certain profile information from your social media provider. The profile information we receive may vary depending on the social media provider involved, but often includes your name, email address, friend list, profile picture, and other information you choose to make public.

The information we receive will be used only for the purposes described in these privacy policies or as otherwise made clear to you in the Services or Applications. Please note that we do not control and are not responsible for the privacy practices of third parties that are not affiliated with our websites. We recommend that you review their privacy policies to understand how they collect, use, and share your personal information and how you can set your privacy preferences on their websites and apps.

WHAT IS OUR STANCE ON THIRD-PARTY WEBSITES?

In short: We are not responsible for the security of any information you share with third-party advertisers that are not affiliated with our websites.

The Services or Applications may contain advertisements from third parties that are not affiliated with us and that may link to other websites, online services, or mobile applications. We cannot guarantee the security and privacy of data you provide to any third parties. Any data collected by third parties is not covered by this privacy policy. We are not responsible for the content or privacy and security practices and policies of third parties, including other websites, services, or applications that may be linked to or from the Services or Applications. You should review the policies of such third parties and contact them directly to respond to your questions.

HOW LONG DO WE RETAIN YOUR DATA?

In short: We keep your data for as long as necessary to fulfill the purposes stated in these privacy policies, unless otherwise required by law or regulation.

We will retain your personal data only for as long as necessary for the purposes stated in these privacy policies, unless a longer retention period is required or permitted by law or regulation (such as tax and accounting regulations).

Therefore, if you have used our service and we have issued you an invoice, we will retain your name, address, and personal identification number as stated on the issued invoice for 11 years (counting from the last day of the year in which the invoice was issued) as this is the statutory obligation to retain issued invoices.

We also retain the invoices we receive from suppliers for 11 years (counting from the last day of the year in which the invoice was issued) as this is the statutory obligation to retain received invoices.

Your contact information, such as phone number or mobile device and email address, will be deleted immediately after you cancel or delete your user account.

HOW DO WE PROTECT YOUR DATA?

In short: Our goal is to protect your personal data through a system of organizational and technical security measures.

We have implemented appropriate technical, organizational, and personnel security measures designed to protect the security of all personal data we process. However, please note that we cannot guarantee that the Internet is 100% secure. While we will make efforts to protect your personal data, the transmission of personal data to and from our Services or Applications is at your own risk. You should only access the Services in a secure environment.

DO WE COLLECT INFORMATION FROM MINORS?

In short: We do not collect data from individuals under the age of 18.

We do not request information from individuals under the age of 18. By using the Services or Applications, you represent that you are at least 18 years old or that you are a legal guardian or parent of a minor and consent to the use of the Services or Applications on behalf of your ward. If we become aware that, despite the representation that the user is 18 years old or that data is being collected from a legal guardian or parent, personal data has been collected from users under the age of 18, we will deactivate the account and take reasonable measures to promptly delete such data from our records.

WHAT ARE YOUR RIGHTS REGARDING THE PROCESSING OF YOUR DATA?

In short: You have several rights related to the processing of your personal data, and we provide a detailed overview of those rights below.

‍Right to Access
You may obtain confirmation from us as to whether or not your personal data is being processed and, if so, access to that data and the following information: information on the purpose of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data has been or will be disclosed, the envisaged period for which the personal data will be stored, and the existence of the data subject's rights regarding the processing of personal data (which rights are described in the following sections of this Privacy Policy).

‍‍Right to Rectification
If your personal data that we process is incomplete or inaccurate, you may request at any time that we correct or complete it by providing an additional statement. Please note that you are responsible for providing accurate data and you have an obligation to inform us of any relevant changes to your personal data.

‍Right to Erasure
You have the right to request the erasure of your personal data if you believe that it is no longer necessary for the purposes for which it was collected or otherwise processed, if you have objected to the processing based on our legitimate interest, if you believe that your data is being unlawfully processed, or if you believe that your data should be erased under the laws of the European Union or the Republic of Croatia.

Please note that there are reasons that may prevent immediate erasure of personal data, such as data that must be retained for a certain period or permanently.

If you have requested the erasure of personal data that must be retained for a certain period, as part of the response to the erasure request, we will inform you of the time period during which such data must be retained and the day on which it will be deleted.

If you have requested the erasure of personal data that must be retained permanently, as part of the response to the erasure request, we will inform you of the impossibility of erasing such data and refer you to the legal basis that stipulates the permanent retention of the data.

‍‍Right to Restriction of Processing
You may request the restriction of the processing of your data from us:

if you contest the accuracy of the data, for a period enabling us to verify the accuracy of the data.
if the processing is unlawful, but you oppose erasure and instead request the restriction of the data's use.
if we no longer need the data for the intended purposes, but they are still required by you for the establishment, exercise, or defense of legal claims.
if you have objected to the processing of personal data based on performing a task carried out in the public interest or in the exercise of official authority.

When data processing is restricted, such personal data may only be processed with your consent, except for storage purposes or the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. If a restriction of processing is obtained, we will inform you before the restriction is lifted.

‍Right to Object
If we process your data for the performance of tasks carried out in the public interest or in the exercise of official authority or if we rely on our legitimate interests in processing the data, you may object to such data processing if there is an interest in protecting your data. If we rely on our legitimate interests in processing the data and you have objected to such processing, we will not further process your data unless we demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.

‍Right to Lodge a Complaint
If you believe that we have violated the laws of the European Union or the Republic of Croatia in the processing of your personal data, please contact us to clarify any questions. You have the right to lodge a complaint with the Croatian Personal Data Protection Agency to determine whether any violations of rights have occurred.

‍Right to Notification of Personal Data Breach
In the event of a personal data breach, despite all the measures taken, we will notify you of each such breach without undue delay by sending a written notification.

In that notification, we will describe the nature of the personal data breach, provide the name and contact details of the person from whom additional information about the breach may be obtained, describe the likely consequences of the personal data breach, and describe the measures we have taken to address the personal data breach, including measures to mitigate its possible adverse effects. The notification will be provided using clear and plain language.

Exercising Your Rights

If you wish to exercise any of the rights mentioned above, please contact us using the following contact information:

contact email address: [email protected]
mailing address: Mladena Fiolića 12 I, Zagreb
in person at the above-mentioned address.

We will respond to your requests to exercise your rights in accordance with the timelines and authorities prescribed by the General Data Protection Regulation.

In any case, when exercising the aforementioned rights, please ensure that we can clearly establish your identity, which serves to protect your rights and privacy.

Your rights, as listed above, can also be exercised by your authorized representative, who must provide a power of attorney certified by a notary public, except when the representative is a lawyer, in which case a certified power of attorney is not required.

If you use any of the mentioned rights too frequently and with an obvious intention of abuse, we may refuse to process your request.

Rights in the case of processing based on consent

If we base the processing of personal data on consent, we ensure that you always give your consent in the form of a written statement, signed by hand, and that the consent is voluntary, specific, informed, and unambiguous.

The written statement by which you give consent for the processing of your personal data will be prepared for each specific purpose of processing, in an understandable and easily accessible form, using clear and plain language.

At any time, you have the right to withdraw your consent for the processing of personal data, and you will be informed of this before giving your consent, by explicitly stating this right in the written statement by which you give your consent for the processing of personal data, with a note that consent can be withdrawn by signing a form of statement that we will provide in a simple form.

Please note that if consent is given for a one-time processing operation that has already been performed, the withdrawal of consent has no legal effect.

In the event of withdrawal of consent, we will immediately delete all your personal data, except those that we are required to retain in accordance with the laws of the European Union and the Republic of Croatia.

If you do not agree to give consent in cases of data processing based on consent, we are unable to establish any legal relationship with you.

Account Information

If you want to review or change the information on your account or delete your account at any time, you can:

Upon your request to delete your account, we will deactivate or delete your account and information from our active databases.

Opting out of Email Marketing: You can unsubscribe from our marketing list at any time by clicking on the unsubscribe link in the email messages we send or by contacting us using the contact information provided below. You will be removed from the email marketing list. However, we will still need to send you emails related to the services that are necessary for the administration and use of your account. To opt out otherwise, you can:

Change your settings when registering an account on the website.
Access your account settings and update your preferences.
Contact us using the provided contact information.

DO WE UPDATE THIS POLICY?

In short: Yes, we will update this policy as necessary to stay compliant with the General Data Protection Regulation and other relevant regulations.

The updated version will be indicated by the revised date "Revised", and the updated version will take effect as soon as it is available. If we make significant changes to these privacy rules, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We recommend that you review this privacy policy periodically to stay informed about how we protect your data.

HOW CAN YOU CONTACT US REGARDING THIS PRIVACY POLICY?

If you have any questions or comments about this policy, you can contact our Data Protection Officer (DPO) by email at[email protected]or by mail at:

Funestra d.o.o.
Mladena Fiolića 12 i
Zagreb 10000
Croatia