Privacy Policy

Privacy Policy

Last Updated: 15.08.2025

Introduction

User privacy and data protection is one of the fundamental business principles of Time Locker d.o.o. (hereinafter: we, us, our, the Company).

The Privacy Policy (hereinafter: the Policy) explains which User data the Company collects, the purpose of data collection and processing, the data retention period, the transfer of data to a third party, and the User’s rights.

The Time Locker platform may contain links that lead the User to the websites of other service providers. In this case, the Company Policy does not apply.

Data Controller

Time Locker d.o.o.

Biljska cesta 27, 31000 Osijek

info@timelocker.hr

Collection of User Data

The User’s data is collected when visiting and using the Platform, performing the Services provided by the Company through the Platform, establishing and during the duration of a business relationship, through communication channels and video surveillance systems, participating in prize games and when performing other tasks for which the Company is authorized.

Collected data includes:

  • identification data
  • contact information
  • socio-demographic data
  • publicly available data
  • transaction data
  • financial data
  • information about the contracted Services
  • information about the Services performed
  • data on communication with the Company
  • other data based on the use of the Services
  • other data obtained with the User’s consent

The Company, as a data controller, protects the privacy and data of the User in accordance with the General Data Protection Regulation – Regulation (EU) 2016/679.

Purpose of Collection and Processing of User Data

The Company collects and processes data for the needs of its business and when the purpose is lawful. Data processing is lawful when one of the following legal bases exists:

  • The user has given his consent to the processing of his personal data
  • processing is necessary to fulfill the contractual obligation towards the User or to take actions at the User’s request before concluding the Agreement
  • processing is necessary to comply with the Company’s legal obligations
  • processing is necessary to protect the fundamental interests of the User
  • processing is necessary for the performance of a task of public interest
  • processing is necessary for the legitimate interests of the Company or a third party, except when these interests are stronger than the interests or fundamental rights and freedoms of the User that require the protection of personal data

Storage of User’s Personal Data

The User’s personal data are deleted and not further processed if they are no longer needed in view of the purpose for which they were collected, and at the latest after the expiry of the legal deadlines that oblige the Company to keep the User’s data.

Data on transactions must be stored in accordance with the legal retention periods, from which it follows that the right to delete them is legally limited.

Depending on the purpose of the data processing, in certain cases the Company may keep the User’s data longer or shorter than the previously mentioned periods.

Transfer of User Data to Third Parties

The Company does not share the User’s data with third parties, except in the case when the transfer of data is necessary for the Company’s Service to be provided to the User.

Before the Company enters into a contract with a third party, each service provider and business partner is individually audited. We require these third parties to comply with certain conditions in order to protect any data they process.

Data is transferred to servers located within the European Union (EU) and the European Economic Area (EEA). However, some of our service providers are located outside the EU and EEA. In this case, the Company requires that the third party has adequate data protection, in accordance with the GDPR.

The User’s data may also be forwarded to the competent authority or another institution for the purpose of sending reports or fulfilling the Company’s legal obligations.

User Rights

The user has the right at any time to:

  • INFORMATION AND ACCESS – can request confirmation regarding the collection, processing, storage period and transfer of data to third parties, as well as request access to personal data
  • CORRECTION – the right to request the correction of personal data if the data is incorrect, incomplete or to update it, with the delivery of appropriate documentation confirming the resulting change
  • FORGOTTEN – the right to request the deletion of data if they are no longer necessary in relation to the purpose for which they were collected or otherwise processed
  • DATA TRANSFER – the right to receive and transfer data to another controller if it is technically feasible, and this right must not have a negative impact on the rights and freedoms of others
  • OBJECTION – the right to withdraw consent or object to data processing
  • WITHDRAWAL OF CONSENT – the right to withdraw the consent given to the Company, which does not affect the legitimacy of data processing
  • THE RIGHT RELATED TO AUTOMATIC DECISION MAKING AND PROFILING – the right not to be subject to a decision based primarily on automated processing
  • LIMITATION OF PROCESSING – the right to challenge the accuracy of the data, for the period necessary for the Company to verify that accuracy

To exercise his rights, the User can contact the Company by sending a written notice or request:

  • by e-mail to the e-mail address info@timelocker.hr

Note: It is mandatory to use the same e-mail address that is registered in the User Profile.

The request will be answered within 30 days from the receipt of the request. In case of complex or multiple requests, the response time may be extended, and the User will be informed about this. There is no fee for processing the request.

If the request is rejected, the User will be informed of the reasons and of the right to file a complaint with the competent Croatian or EU authority for the protection of personal data. In the Republic of Croatia, it is the AZOP – Personal Data Protection Agency, and in the EU, the competent authority is the European Data Protection Supervisor.

Security of Data Processing

The Company implements appropriate technical, organizational and personnel measures to ensure effective application of data protection principles and User rights.

Technical and organizational measures ensure that the User’s collected data is encrypted, confidential and protected in the event of a physical or technical incident. Measures include regular testing, risk assessment and effectiveness measures to ensure data security.

Personnel measures ensure that the processing and availability of data is not automated, but that the data is available to a limited number of employees. Data is protected against intentional and unauthorized deletion of data, and data protection measures include an obligation of confidentiality that applies even after termination of the employment relationship.

Amendments to the Privacy Policy

The Company reserves the right to change any part of the Policy at any time.

The amended Policy enters into force at the moment of publication on the Platform and implies that the User confirms that he has read, understood and accepted all provisions of the Policy.

This Policy enters into force on 15.08.2025.