Privacy policy

The Organization, for the purposes of this Policy, refers to The Mr. CTO, obrt za savjetovanje i usluge, vl. Ivan Golubić, with its registered business address at Bregana Pisarovinska 37, 10451 Pisarovina, Croatia, VAT ID (OIB): 48036835495, and Registration Number (MBO): 99003384 (hereinafter: the Organization).

The Organization attaches great importance to the protection of personal data of our users. The privacy protection policy governs the way of dealing with the information that the Organization processes or collects when visiting our websites. The processing of personal data is based on one of the legal bases of processing. In each individual case when we additionally process your personal data, we will notify you both of the legal basis on which we process them in that case and of your rights related to the protection of personal data.

Contact:

Data controller and data protection officer: dpo@themrcto.com

Collection and processing of personal data

Personal data is considered data that identifies or can identify you (such as name, gender, address, e-mail or postal address, etc.). The Organization collects your personal data in the event that you have made it available to us (e.g. during registration, consent), and when it is necessary to fulfill an obligation arising from applicable regulations or contracts or based on legitimate interest.

Use and disclosure or transfer of personal data

The Organization will use your personal data for the purposes of technical website management, analysis of preferences, delivery of general and individualized offers, and for the purposes of scientific research and the application of new technologies (such as machine learning and artificial intelligence) for the purpose of optimizing the user experience and personalizing content, and with the aim of You are given access to special information and for the purposes of communication with you. We inform you that it is possible for us to make your personal data available to other companies and clients, all with the aim of fulfilling the purpose for which the said personal data was collected. Also, the Organization advises all parents and guardians to teach their children how to safely and responsibly handle personal information online. The services we provide are not intended for persons under the age of 16, but for the data we collect or process, we cannot know whether they refer to persons under the age of 16. We advise all parents and guardians to teach people under the age of 16 how to handle personal information safely and responsibly on the Internet.

Our websites you visit use cookies. Cookies are small files that are temporarily stored on your device, which enables our website to recognize your device when you next visit the site. You can find out more about cookies in our Cookie Policy.

The Organization can also process your personal data such as e-mail address. If you have given your express consent to receive the Newsletter, we can send you an electronic newsletter with commercial content for advertising. The data you provided to us in order to subscribe to the Newsletter will only be used to send the Newsletter. If you want to unsubscribe from the Newsletter, you can do so at any time via the unsubscribe option found in the Newsletter. In case of cancellation of the subscription, we will stop processing the personal data that we have collected for this purpose. We must note that the aforementioned procedure will not affect the validity of the data previously collected on the basis of consent. We store the collected data only for the period during which you receive the newsletter and you have not canceled your consent to receive the Newsletter. In certain situations, the Organization may also process your e-mail address based on legitimate interest, in accordance with the current regulations related to the protection of personal data, as well as the regulations governing the field of electronic communications. This is stated only in exceptional cases, for example if you are our user, you have contracted one of our services, etc. We certainly note that in the event that your data is processed on the basis of a legitimate interest, you can at any time object to the processing or exercise one of your rights. In every situation in which your data is processed in this way, you will be adequately and additionally informed about the same.

Sending and receiving newsletters is done through our internal service and your data is not shared with other services for sending newsletters.

Registration on the web portal

For the purposes of user registration on the Organization's web portal or regional and other related portals (e.g. themrcto.com, learn.themrcto.com), the following personal data are collected: e-mail address, and first and last name. In addition to the above data, as part of the user's use of the functionality of commenting on the content of articles on the Organization's web portal, data is collected on the written comments of registered users, the marking of user comments (so-called "flagging") and the like. The data is used exclusively for the purpose of registering users on the web portal and using the functionality of commenting on articles.

Safety

The Organization makes great efforts to ensure the security of personal data and compliance with applicable data protection regulations (such as the General Data Protection Regulation, the Law on the Implementation of the General Data Protection Regulation, etc.). Please note that your data is conscientiously protected against loss, destruction, manipulation, unauthorized access and unauthorized release. Members of our team at the Organization are obliged to respect the confidentiality of your data and to comply with the general acts of the Organization. Also, the Organization uses state-of-the-art technical and organizational safeguards to ensure the security of your personal data.

Storage term

We store your data until the expiration of a period of 3 (three) years, counting from the expiration of the contractual relationship, except for those data for which valid regulations prescribe a longer storage period is the same day, i.e. since the last time your preferences regarding the use of cookies and data processing through them were changed.

User rights

The user decides which information about himself he makes available to the Organization. In the event of a change in any of your personal data, please inform us of the changes by e-mail: hi@themrcto.com to correct or update your personal data.

We hereby inform you that you have the right to withdraw the given consent at any time in whole or in part, by sending a notification to the e-mail address: hi@themrcto.com in written or electronic form or orally.

Furthermore, upon receipt of the statement of withdrawal of consent, we will confirm receipt in writing, and the personal data covered by the statement of withdrawal will no longer be processed starting from the date of withdrawal of consent. Please note that all processing and/or transfers made up to the date of withdrawal of consent will still remain legally valid. In addition to the right to withdraw consent, users, in accordance with applicable data protection regulations, have the right to request from the Organization:

to give you access to your personal data (You can ask which of your personal data it uses, and you can request access to that personal data. You have the right to know the purpose of the processing, which categories of your personal data we keep, the bodies or categories of bodies with which we share your personal data, the period retention of data, as well as the source of data in the case when data is collected indirectly.)
to provide you with a copy of the personal data we hold (You can contact us if you would like a copy of some or all of the personal data we hold about you.)
request correction of incorrect information (We want your personal information to be accurate and up-to-date. You can ask us to correct or remove information that you think is incorrect or out of date.)
request deletion of personal data (You can ask the Organization to stop processing or even delete your personal data. If we need your personal data to perform some contractual obligation towards you, the Organization may cease to be able to perform such contractual obligations. Also, if your personal data necessary in order to fulfill certain legal obligations (eg tax obligations), your request may not be fulfilled.)
limiting the processing of your personal data (to us and/or third parties) in certain processes or completely (for example, if you want to dispute the accuracy of the data; or we no longer need the personal data for the purpose of processing, but you need them for the establishment, execution or processing of legal request or you objected to the processing on a basis that we consider legitimate - you have the right to request the restriction of the processing of personal data.)
submit an objection to the way we use your data (Remember that you have the right to object to the processing of personal data based on a legal basis that the Organization considers legitimate)
request the transfer of data to another processor (transferability of rights) (If the processing is based on your consent or is carried out by automatic means, you have the right to request the transfer of data to another processor.)
the right to complain to the supervisory authority: Personal Data Protection Agency, Selska cesta 136, Zagreb, phone: +3851 4609 000, fax: +3851 4609 099, e-mail: azop@azop.hr

You can exercise some of your rights related to the protection of personal data by contacting our data protection officer at dpo@themrcto.com. In case you have decided that you do not want to share your data, please understand that you may not be able to access some parts of the website. Users who decide that they no longer want to receive our services can unsubscribe from receiving notifications by unsubscribing on our site, and by sending an e-mail notification to hi@themrcto.com

Automated processing

Please note that some data (such as the type of Internet browser you use, the number of visits, the average time spent on the pages, the content viewed, etc.) is processed automatically when accessing the Organization's Internet pages. The above data is used for the purpose of evaluating the attractiveness of our website. Please note that the user has the right not to be subject to a decision based solely on automated processing, unless such a decision is necessary for the conclusion or execution of a contract between the user and the Organization, permitted by Croatian or Union law or based on the express consent of the user.

Links to other sites

This privacy statement applies to the Organization's host homepage and related portals. These pages may contain links to other service providers and are not covered by this privacy statement. When leaving the the Organization's website, please familiarize yourself with the privacy policy statements on each website that collects personal data.

Data collected about you by Google LLC

The Organization uses services provided by Google LLC and its affiliates, including YouTube, and services provided on third-party websites, such as advertising services (hereinafter: Google). The Organization is obliged to inform its users about the data collected by Google when providing its services to other legal and natural persons. Data collected by Google includes unique identifiers, browser type and settings, device type and settings, and operating system.

In some circumstances, Google also collects information about you from publicly available sources. For example, if your name appears in a local newspaper, Google's search engine may index that article and display it to other users when they search for your name. It is important to note that Google may also collect information about you from trusted partners, including marketing partners who provide information about potential users of Google business services and security partners who provide us with data for protection against abuse, as well as advertisers to provide ads and research services in their Name.

Google uses data for analytical and measurement purposes. For example, Google analyzes data about your visits to Google websites and also uses data about ads that you have interacted with. When you visit websites that use Google Analytics, Google and the user of Google Analytics can link data about your activity on that website with activities on other websites that use Google advertising services. Collected data, such as your email address, is used by Google to interact directly with you. For example, it may send you a notification if it detects suspicious activity, such as an attempt to sign in to your Google Account from an unusual location, or it may notify you of upcoming changes or improvements to services. In the event that you contact Google, Google logs a record of the request to facilitate the resolution of your problem. Google uses automated systems that analyze your content to provide tailored search results, tailored ads or other features tailored to your use of our services. Your content is also analyzed by Google to detect abuse such as spam, malicious or illegal content. Google also uses algorithms to recognize patterns in data. For example, Google Translate helps people communicate in different languages by detecting common language patterns in the phrases you're looking for a translation for. For the purposes described above, Google may combine data collected from its services and all your devices. Depending on your account settings, your activity on other websites and in other applications may be linked to your personal data in order to improve Google services and the ads displayed by Google. If other users already have your email address or other identifying information, Google may show them your publicly visible Google Account information, such as your name and photo. That way, for example, they can more easily recognize the electronic message you send them.

Your privacy control

You have choices about the information Google collects about you and how it uses it. This section describes the main controls for managing privacy:

You can visit the Privacy Settings Checker where you can review and adjust important privacy settings.
Visit the page Check privacy settings, Manage data and view and update data.
Once you're signed in, you can always review and update your information by visiting the services you use.
Google has also established a place where you can review and manage the data that is saved to your Google Account.

The following controls are available in your Google Account:

Privacy controls
Activity controls
Ad settings
You can modify your interests, choose whether your personal information is used to display relevant ads, and opt-in or opt-out of certain advertising services.
Google allows you to manage the information that others see about you on Google services.
Shared recommendations via Google.
Choose whether your name and photo appear next to your activities such as reviews and recommendations that appear in ads.
Google also provides you with ways to view and update your data. On the My Activity page, you can review and control data generated by your use of Google services, such as your past searches and visits to Google Play. You can view your activity by date and topic, and you can delete it partially or completely.
Google Dashboard Service.

Through the Google dashboard, you can manage the data associated with certain products. Your personal data

Manage your contact information such as name, email address and phone number. When you are not signed in, you can manage the information associated with your information. Personalize your search while you're signed out: Choose whether your search activity is used to offer relevant results and recommendations. YouTube settings: Pause and delete YouTube search history and YouTube watch history.
Manage your ad settings on websites and apps that display ads in partnership with Google.
Export, removal and deletion of data. You can optionally export a copy of content from your Google account for backup or use on a non-Google service.
Request removal of content from certain Google services based on applicable laws.

To delete your data, you can: Delete content from certain Google services. Search for and then delete specific items from your account via the My Activity page. Delete certain Google products, including the data associated with them. Delete entire Google account.

Transfer to third countries

The Organization uses tools and services of social networks that do not operate only in the territory of the European Union and can process your data outside the European Union. Data collected by third parties through Cookies (e.g. Google Analytics) can generally be said to travel from the data collection center closest to the location where the Internet traffic originated. Therefore, it is possible that data, including ad-related traffic, is received on servers located in the EEA and referred to servers located outside the EEA. You will find more information about this in our Cookie Policy document. In the event that your personal data is transferred from your country to another country, it is possible that the laws and regulations governing the protection of your personal data in the country to which your data is transferred differ (or provide for a lower level of protection) than the country in which you live or you are located. It is our intention not to transfer your personal data outside the EEA unless prescribed and appropriate safeguards are in place, which include: (1) the adequacy decision of the European Commission in relation to that country or countries; (2) certificates on the existence of a "security shield"; (3) appropriate and binding rules of procedure; (4) adopted code of conduct with binding and verifiable statements of the data processor or data processor in a country outside the EU or EEA; (5) adopted verification and confirmation mechanisms with binding and verifiable statements of data processing managers or data processors in a country that is not in the EU or EEA; (6) contract in accordance with EU standards approved by the European Commission. Contracts we conclude with legal entities located outside the EU or EEA obligate them to handle your data with special security measures in accordance with the regulations in force in member states of the European Union. In the case of data transfer to the USA, and if none of the above-mentioned legal transfer options are applicable or the European Commission's decision on adequacy in relation to a specific country has been declared void, we will ask you for a temporary permission to transfer data. The transfer of data in this case will be based on the exceptions from Article 49 of the General Data Protection Regulation as a valid secondary temporary solution.

Server

The Organization does not own its own servers, but uses available services with virtual servers (VPS) and other services that enable the smooth operation of the platform and related services.

For this purpose, the following services are used:

Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg

The Organization collects and processes personal data through user interactions on social networks such as Facebook, Instagram, LinkedIn and YouTube. The Organization, or the responsible persons, have access to messages and/or posts on the mentioned social networks; however, personal data collected through them, especially those contained in messages, is not stored or additionally processed by the Organization except for the purposes specified in this Policy. Exceptionally, the Organization can store your data if we are obliged to do so by the applicable regulations of the Republic of Croatia. The Organization uses a business profile using the services of Facebook, Instagram, LinkedIn and Youtube, and you can view their privacy rules or confidentiality statements as well as the way they use your personal data at:

FACEBOOK ONLINE https://www.facebook.com/policy.php
YOUTUBE ONLINE https://policies.google.com/privacy
INSTAGRAM ONLINE https://help.instagram.com/519522125107875
LINKEDIN ONLINE https://www.linkedin.com/legal/privacy-policy

In case you have questions related to the collection and processing of data by Facebook, YouTube and/or Instagram or wish to exercise one of your rights guaranteed by the General Data Protection Regulation, please contact:

FACEBOOK IRELAND Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Contact of the data protection officer:

https://hr-hr.facebook.com/policy.php https://www.facebook.com/help/contact/540977946302970

If you are not satisfied with the way your personal data is collected and processed, you can contact the leading supervisory body of Facebook, the Irish Data Protection Commissioner or the Personal Data Protection Agency of the Republic of Croatia.

FOR YOUTUBE: Google Ireland, Ltd., Gordon House Barrow St, Dublin 4, Ireland

Contact data protection officer: https://support.google.com/policies/contact/general_privacy_form

If you are not satisfied with the way your personal data is collected and processed, you can contact Twitter's leading supervisory body, the Irish Data Protection Commissioner or the Personal Data Protection Agency of the Republic of Croatia.

FOR INSTAGRAM:

FACEBOOK IRELAND Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Contact of the data protection officer:

https://hr-hr.facebook.com/policy.php https://www.facebook.com/help/contact/540977946302970

FOR LINKEDIN:

LinkedIn Ireland Unlimited Company, Wilton Plaza, Dublin 2, Ireland

Notification of changes and contact

Any changes to our privacy policy will be posted along with this privacy statement, on the home page, and in other places deemed appropriate. If you have any questions related to the privacy statement, please contact us by e-mail: hi@themrcto.com

Last modification: 15.04.2025.