Security and protection of personal data policy

The business success of ABC Informatic d.o.o. is based on achieving a high level of information security of our products and services and protection of personal data given to us for processing, as well as meeting the expectations and needs of our customers and users of related products and services through:

  • Timely realization of assumed contractual obligations
  • Continuous development and improvement of existing IT solutions, ensuring the application of the latest tools and trends in the IT industry
  • Reducing the risk of damage or loss of information due to internal, external, accidental or deliberate threats and prevention of security incidents through the reduction of their potential impact by a continuous application of the methodology of risk assessment and management of the same.

The protection of personal data and compliance with Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR) and applicable legislation is a key component in gaining and maintaining the trust of employees, customers / users, and all other stakeholders.

When we process personal data, they must always be: lawfully, fairly and transparently processed, in accordance with the rights of the data subjects and protected by appropriate technical and organizational measures taken against unauthorized or unlawful processing.

We strive to achieve information security through the application of a system that is established and maintained according to the requirements of ISO 27001:2013.

Company management regularly establishes annual goals, so as to enable the realization of the policy and objectives of information security. The strategic guidelines for setting these goals are as follows:

  • Recognize current and future needs and expectations of stakeholders
  • Apply the best available technologies and processes, which will contribute to improving the quality, reliability and safety of products, services and information.
  • Ensure constant education in order to develop expertise, knowledge and training, create a supportive environment and provide the necessary resources
  • Adopt new IT tools and technologies in the realization of products and be a leader in Croatia in monitoring world trends in information technology and security
  • Establish long-term relationships with business partners and stakeholders and involve them in achieving the goals and policies set out here.
  • Ensure fair and transparent processing of personal data of users of our products and services, as well as our employees and other stakeholders.

DATA DELETION AND PRIVACY ADDENDUM

COLLECTION OF PASSENGER DATA (MANIFEST) The application allows for the entry of passenger data (name, surname, date of birth, and identification document number) exclusively for the purpose of creating passenger manifests and complying with the legal obligations of tour operators. This data is processed within the central Sintesys system and is not used for other purposes nor shared with third parties, except with competent authorities when required by law.

CARD PAYMENTS AND FINANCIAL DATA All card processing and collection of sensitive financial data (such as card numbers or PINs) are performed exclusively through authorized external payment applications. Our application does not collect, store, or have access to this data. Transaction data received after a successful payment (such as a transaction ID) are used solely for immediate processing and receipt printing, and are not permanently stored within the mobile application.

DELETION OF DATA AND USER ACCOUNTS Although user accounts for the application are created by system administrators, every user has the right to request the deletion of their account or any personal data entered into the system. Deletion requests can be sent to the following e-mail address: support@sintesys.hr.

Your request will be processed within 15 days.

Approved by:
CEO: Amir Brkovic
Dubrovnik, February 18, 2019