Privacy Policy
This Privacy Policy (“Privacy Policy”) provides information and describes how HESA GROUP d.o.o., headquartered in Zagreb, Trg Ivana Antuna i Vladimira Mažuranića 13, OIB: 66631337112, registered with the Commercial Court in Zagreb under MBS: 080476091, contact: info@hesa-group.com (“HESA Group”) collects, uses, and discloses personal data in connection with the services we provide on this website HOW Festival (www.howfestival.com).
The term “personal data” refers to all data relating to an individual whose identity is identified or can be identified (“data subject”). An individual whose identity can be determined is a person who can be identified directly or indirectly, especially with the help of identifiers such as name, identification number, location data, network identifier, etc. Identification can be direct by the information itself or in connection with any other information in our possession or likely to come into such possession.
Unless otherwise specified in this Privacy Policy, the terms defined in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC – General Data Protection Regulation (https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679) (hereinafter: “GDPR”) such as “processing”, “controller”, “supervisory authority”, “consent”, “legitimate interests of the controller or third parties”, “anonymization”, “special categories of personal data” are used in the same meaning in this Notice.
Identity and contact details of the data controller
HESA GROUP d.o.o., headquartered in Zagreb, Trg Ivana Antuna i Vladimira Mažuranića 13, OIB: 66631337112, registered with the Commercial Court in Zagreb under MBS: 080476091, contact: info@hesa-group.com, is the data controller regarding the processing of personal data of users of its services and visitors of the website www.howfestival.com. This means that HESA Group determines the purposes of data processing and the means of data processing, i.e., how and for what purposes personal data will be processed.
The purposes of processing for which personal data are used and the legal basis for processing:
Processing of personal data for the purpose of participant/attendee registration
We collect personal data of HOW Festival participants/attendees when registering for the HOW Festival through the participant registration system available on the HOW Festival website (www.howfestival.com).
As part of the registration process, we collect and further process the following personal data of participants/attendees:
- Name and surname.
- Email address.
- Position
- Company
- Phone Number
“Registration data”
The mentioned registration data are necessary for us, and we use them for the purpose of processing your registration for the HOW Festival, i.e., for the purpose of enabling your attendance at the festival and providing our festival maintenance service. We process this data based on Article 6.1.f. of the GDPR (processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party). Namely, since registration for participation in the HOW Festival is carried out through the legal entity of the employer who registers their employees, we have a legitimate interest in providing the service for which you have registered your employees. In cases where the participant/attendee is an individual, a natural person acting within their trade or professional activity, we process the mentioned data, to the extent applicable, based on Article 6.1.b. of the GDPR (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract).
Processing of photographs and videos
All events within the scope of the HOW Festival 2024 will be photographed and recorded by the official photographer. We will use the photographs and video material for the promotion of the festival held and for the promotion of our business activities. For this purpose, the mentioned material or its parts will be published on our official website HOW Festival (www.howfestival.com) as well as on our HOW Festival official profile on LinkedIn. Additionally, we provide all participants of the HOW Festival with a link to the official photos from the festival via the email address they provided during registration for the HOW Festival through the attendee registration system. Video recordings of the presentations are used exclusively for our archive. All festival participants may be covered by photography and video material, including both the speakers of the festival and the guest participants. However, during the photography and recording of events within the festival, we will strive, to the greatest extent possible, except when photographing and recording the speakers during the lectures, to avoid prominently featuring individuals singled out from the crowd in the photographs and video material. Otherwise, prior to any further publication of such photographs and/or video clips, including situations where an individual is asked a question/makes a statement, for the purpose of promoting the held festival or promoting our business activities, we will request your prior consent for this purpose. If you do not wish to be photographed or recorded and/or do not want such material in which you appear to be further published for the stated purpose, you can object to such processing at any time. In that case, we will not photograph/record you or delete the requested photograph and/or video clip.
All photographs and video material are kept for up to two years from the date of the event.
We perform this data processing based on Article 6.1.f. of the GDPR (processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party), namely, based on our legitimate interest in conducting our business, as evidence of the organization and holding of the festival, its attendance, and success. In the above-mentioned individual situations, we process the photographs and video material based on Article 6.1.a. of the GDPR (the data subject has given consent to the processing of their personal data for one or more specific purposes). At any time, you have the option to withdraw your consent by informing us of the withdrawal of consent by sending an email to info@hesa-group.com.
Processing of personal data for marketing purposes
If you give us your consent to receive marketing materials by subscribing to the “newsletter” via the form available on our website HOW Festival (www.howfestival.com), we will occasionally send you content via email informing you about new speakers, updated program, festival sponsors, and our upcoming festivals. For this purpose, we collect the following data:
- Full name
- Email address
The legal basis for this data processing is Article 6.1.a. of the GDPR (the data subject has given consent to the processing of their personal data for one or more specific purposes). At any time, you have the option to withdraw your consent for marketing purposes, i.e., unsubscribe from the newsletter, by informing us of the withdrawal of consent by sending an email to info@hesa-group.com, as well as when receiving each individual email/newsletter.
Processing of personal data for responding to inquiries from potential partners/sponsors
In order to establish a partnership with the HOW Festival and to improve existing and build new business relationships, you can download the brochure from our website. For this purpose, we collect the following data:
- Full name
- Job title
- Company
- Email address
Also, if you contact us via email regarding sponsorship inquiries, we will process the provided data to respond to your specific inquiry.
We process the mentioned data in these cases based on Article 6.1.f. of the GDPR (processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party). We believe that we have a legitimate interest in responding to your sponsorship inquiries or requests for brochure downloads, as such actions represent our legitimate interest in conducting our business.
Processing of data for responding to your inquiries
When you contact us via the contact form available on our website, we process the following personal data in order to respond to your inquiry:
- Full name
- Email address
We process this data based on Article 6.1.f. of the GDPR (processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party), as such actions represent our legitimate interest in conducting our business.
Processing of data for surveys
We use your full name and email address that you provided when registering for the HOW Festival via the participant registration system or when downloading the brochure from our website to send you a short satisfaction survey about the festival. Through the survey, we collect your feedback on the festival, which helps us better shape future events and improve the sponsorship experience for all stakeholders.
We process this data based on Article 6.1.f. of the GDPR (processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party). We believe that we have a legitimate interest in obtaining feedback on the satisfaction of all participants in the festival, in order to better organize future events within our business and improve sponsorship experiences, as such actions represent our legitimate interest in conducting our business.
Processing of personal data related to the establishment, exercise, or defense of legal claims
Additionally, we may process the collected personal data for the purpose of establishing, exercising, or defending legal claims. Also, to comply with legal obligations of the data controller if the processing of participants’ personal data is necessary to comply with the law or a court order.
Cookies
Furthermore, our website uses technology to automatically collect information about usage. When you access or use our services available on the HOW Festival website (www.howfestival.com), we collect certain data from your browser (user visits to our website including, but not limited to, IP address, device data used to connect to the internet, type and version of Internet browser used, browser data, timestamps, location data) using so-called “cookies.” A cookie is a small file that a website sends to a user’s browser, which then saves it in the user’s system. Cookies allow us to see which pages you have visited, to manage our website and technical solutions, and to ensure the security of our website.
Please review our Cookie Policy for more information about cookies and how you can change settings to delete or refuse cookies.
Further processing for new purposes
If we intend to use your personal data for a new purpose not covered by this Privacy Policy, we will provide you with a new notice before starting the processing and determining the relevant purposes. When necessary, we will request your prior consent for such new processing.
Recipients of personal dat
We share your personal data obtained through your registration/sign-up and use of our services with the following recipients/categories of recipients:
- External organizations that assist us in our business and/or processing of personal data on our behalf and according to our instructions (e.g., our accountants, IT operators and technical support, official photographers, etc.). Service providers and/or data processors and their appointed staff may access your personal data and use it only on our behalf for performing specific tasks for which they were engaged, according to our instructions, and they are required to keep your personal data confidential and secure.
- We may also disclose your personal data to data controllers such as courts, administrative bodies, data protection supervisory authorities, and our legal advisors, if necessary for compliance with our legal obligations, establishment, exercise, or defense of legal claims.
Transfer of personal data to third countries
All personal data we collect, and process is stored and kept in the Republic of Croatia and is not transferred or stored further in other third countries and/or international organizations outside the European Economic Area (EEA).
If in the future it becomes necessary to transfer your personal data to organizations in third countries or international organizations, and these organizations may have different standards for personal data protection than those established within the EEA and are not covered by the European Commission’s adequacy decision, we will ensure, as required by applicable laws and regulations, that personal data and data subjects’ rights are adequately protected by appropriate safeguards, such as standard contractual clauses for data protection adopted by the European Commission and/or competent supervisory authority. We will promptly inform you about such transfers to third countries or international organizations, as well as the protective measures we have taken to protect your personal data in this regard.
Retention of Your Personal Data
We take all reasonable measures to ensure that your personal data is stored in a form that allows identification of the data subject only for as long as necessary for the purposes for which the personal data are processed, as stated earlier in this Privacy Policy, the regulations defining data retention periods, applicable statutory limitation periods, while ensuring the application of appropriate technical and organizational measures to protect your rights and freedoms.
If we process your personal data based on your consent, such personal data will be processed only for the duration of the consent, which you can withdraw or restrict at any time. If you do so, we will cease processing the relevant personal data for the purposes for which you provided your consent.
Afterward, this data is promptly deleted or anonymized, unless the same data needs to be stored for a certain period, e.g., in accordance with tax or other regulations (e.g., accounting documentation must be kept for 11 years), or in case there is a possibility of a claim being filed, in which case the data is kept until the claim is statute-barred, and the same data will no longer be processed for other purposes.
Your Rights Regarding the Processing of Your Personal Data
Unless exceptions apply or where it is stipulated that the exercise of rights is not applicable under applicable data protection laws and regulations, data subjects have the following rights regarding their personal data that we process:
- The right to obtain confirmation from us as to whether your personal data are being processed and, if so, access such personal data (“Right of Access”);
- The right to request correction or supplementation of any personal data if it is found to be inaccurate or incomplete (“Right to Rectification”);
- The right to request erasure of personal data if they are no longer necessary for the purposes for which the Company processes such data, where applicable (“Right to Erasure”);
- The right to withdraw consent at any time if the processing is based on consent;
- The right to request that we provide you with your personal data and, if possible, transmit that data directly to another data controller, where applicable (“Right to Data Portability”);
- The right to request restriction of further processing, where applicable (“Right to Restriction of Processing”);
- The right to object to the processing of personal data, in case we conduct processing based on our legitimate interests and legitimate interests of third parties (“Right to Object”);
- The right to lodge a complaint with the supervisory authority.
Upon receipt of requests to exercise rights, we will promptly respond to the request without undue delay. We will also provide you with information on the actions taken without undue delay and in any event within one month of receipt of the request.
This period may be extended by an additional two months, if necessary, taking into account the complexity and number of requests. We will inform you of any such extension, if it occurs, within one month of receipt of the request, along with the reasons for the delay.
This information is provided free of charge. However, please note that if the data subject’s requests are clearly unfounded or excessive, especially because of their frequent repetition, we reserve the right to:
charge a reasonable fee taking into account the administrative costs of providing information or notification or processing the request; or refuse to comply with the request.
If you believe that the processing of your personal data by us violates your rights, you have the right to lodge a complaint with the competent data protection supervisory authority. The contact details of the Croatian supervisory authority for data protection are:
Name: Croatian Personal Data Protection Agency – AZOP
Headquarters: Zagreb
Address: Selska cesta 136, 10000 Zagreb
Telephone: 00385 (0)1 4609-000
Fax: 00385 (0)1 4609-099
Email: azop@azop.hr
Website: www.azop.hr
Changes to the Privacy Policy
If we change the way we handle your personal data in connection with the provision of our services, we will update this Privacy Policy and inform you in a timely manner.
Contact Information for the Data Controller
For any questions regarding the processing of your personal data and the exercise of rights provided by the General Data Protection Regulation, you can contact us by sending an email to: info@hesa-group.com. We will acknowledge and investigate any complaints about how we manage your personal data.
This Privacy Policy was last updated in April 2024.