Privacy policy
This privacy policy is effective as of February 1, 2024.
Data Controller: Compass solutions d.o.o., Croatia, Zagreb, Savska cesta 106 (hereinafter: Compass).
At Compass, we deeply value the trust you place in us, and we are committed to ensuring that your privacy and confidentiality are our top priorities. This Privacy Policy serves to outline our commitment to maintaining transparency and providing you with control over how your information is collected, used, and shared. If you have any questions, please send us an email to privacy@compassapp.ai and we will make sure to respond back as soon as possible.
Introduction
In the course of business, Compass needs to collect and process certain data about individuals and therefore it is considered a data controller.
The purpose of this Policy is to ensure that Compass provides all information necessary in connection with the personal data of individuals whose personal data it processes.
This Policy applies to all personal data processed by Compass in relation to any person, irrespective of whether or not such a person is or becomes an employee, customer, supplier, or contact of Compass. This Policy does not apply to anonymous data. Anonymous data is data altered in such a way that it cannot be associated with a particular person or cannot be exchanged without disproportionate effort, so it is not considered personal data within the meaning of the applicable legislation.
This Policy was developed for the purpose of improving the services Compass provides to its customers, to protect Compass’s customers, vendors and employees with respect to the confidentiality of their personal data while processing by Compass. Compass processes its customers’ personal data during the provision of agreed services, for its vendors during the contractual relationships with them and for the employees during the employment relationship. The purpose of this Policy is to prevent any damage to Compass and its customers, vendors and employees as data subjects (here in after jointly referred as data subjects), and to ensure that the processing of personal data by Compass is carried out fully in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (GDPR), Act on the implementation of the General Data Protection Regulation (Official Gazette 42/18) and other applicable laws. The personal data processed by Compass in the course of its business basically are not shared with unauthorized persons, offered, sold or transferred outside the European Economic Area. In case that the personal date would be transferred outside the European Economic Area, Compass will secure such transfer by concluding the Standard Contractual Clauses or other appropriate safeguards.
Terms and Definitions
Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
Personal data processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Personal Data We Collect
You as a Visitor
A “Visitor” is anyone who accesses our public marketing pages at www.compassapp.ai. When you visit our pages, you are informed about our use of cookies. If you want to know more, feel free to take a look at our Cookie Policy
You as a User
A “User” is anyone who registers to use the Compass websites and apps. Only registered users may use the platform and services provided by Compass. When registering as a company, we ask you to provide your full name, your email, company email, company tax ID, company address, and company name. You are personally responsible for the data being entered into Compass as a platform.
Vendors
Compass collects personal data of Vendors primarily to provide services or to fulfil legal obligations. The legal basis for the processing of personal data is the contractual relationship between Compass and Vendor, the legal obligation of Compass or the consent of Vendor.
Employees
Compass collects personal data of its employees important for the employment relationship and in connection with the employment relationship. Beside this, Compass does not collect any personal data of its employees.
Processing of Personal Data
Compass primarily collects, records, stores, and structures personal data for the purpose of providing the data subject with services as part of its business, or for the purpose of complying with legal obligations. The legal grounds for personal data processing are the contractual relationship between Compass and the data subject or compliance with legal obligation of Compass. When processing the personal data of Visitor, the legal ground for processing of the Visitor’s personal data is his consent given when accessing Compass’s public marketing pages. Compass treats such personal data adequately and in compliance with the relevant regulations, irrespective of how such personal data is collected, recorded, stored, and used – on paper, on a computer, or on any other medium. Compass processes personal data it receives from data subjects and third parties subject to informing them or as instructed by them. Compass does not forward such data to third countries, humanitarian organizations or to any charities.
For the purposes of conducting its business processes, Compass may outsource certain data processing services to processors, but only those that implement the technical, logical, and organizational personal data protection measures implemented by Compass. All processors gave the statements that they implemented the technical, logical, and organizational personal data protection measures or concluded the appropriate agreements with Compass.
The current data processors are:
1. Ars Futura d.o.o., Croatia, Zagreb;
2. Amazon Web Services, Inc., Germany, Frankfurt;
3. Salt Edge Limited, Level 39, One Canada Square, Canary Wharf London E14 5AB United Kingdom;
4. Plaid, B.V., Muiderstraat 1, 1011PZ Amsterdam.
Compass stores such personal data collected in an appropriate manner and ensures that they remain confidential. Compass will not forward such collected data to third parties without data subject’s consent, except where this is necessary to comply with its legal obligations or its obligations under a contract to which the data subject is a party, where this is necessary to perform duties being performed in public interest, or where the data subject discloses such data themselves, as well as in all other cases defined by the applicable regulations.
Your Rights
Right to be Informed
The data subject has the right to request from Compass at any time to inform them of whether their personal data is being processed and for what purpose, who the controller is, the contact details of the data protection officer, the categories of personal data being processed, the period for which the personal data will be processed/stored, the source from which such personal data originates and the recipients of such personal data, as well as the right to be informed of their other rights specified in this Policy.
Accessing Data
The data subject shall have the right to obtain from the Compass as a controller confirmation as to whether or not personal data concerning him is being
processed, and, where that is the case, access to the personal data and the following information:
• the purposes of the processing;
• the categories of personal data concerned;
• the recipients or categories of recipient to whom the personal data have been or will be disclosed;
• where possible, the envisaged period for which the personal data will be stored or the criteria used to determine that period;
• the right to request from Compass rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
• the right to lodge a complaint with a supervisory authority;
• where the personal data are not collected from the data subject, any available information as to their source;
• the existence of automated decision-making, including profiling, as well as the consequences.
Updating Data
The data subject shall have the right to obtain from Compass without undue delay the rectification of inaccurate personal data concerning them specifically. The data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Deleting Data/right to be forgotten
The data subject shall have the right to obtain from Compass the deletion of personal data concerning them without undue delay if the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed, the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing, the data subject objects to the processing, the personal data have been unlawfully processed, the personal data have to be erased for compliance with a legal obligation in European Union or Member State law to which Compass is subject, the personal data have been collected in relation to the offer of information society services to a child.
The foregoing shall not apply to the extent that processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation which requires processing by European Union or Member State law to which Compass is subject or for the performance of a task carried out in the public interest or in the exercise of official authority, for reasons of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes, or for the establishment, exercise or defence of legal claims.
The right to object
The data subject shall have the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them including profiling. Compass shall no longer process the personal data unless Compass demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct
marketing.
Data Portability
The data subjects shall have the right to receive the personal data concerning them, which they have provided to Compass, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on their consent and the processing is carried out by automated means. The data subject shall have the right to have the personal data transmitted directly from Compass to another controller, where technically feasible and such right shall not adversely affect the rights and
freedoms of others.
Withdrawing Consent
Data subject’s consent is one of the legitimate grounds for processing data relating to the data subject. The data subject may at any time withdraw the consent given by them. Such withdrawal of consent shall not affect the lawfulness of data processing performed before the consent was withdrawn.
The right to an effective legal remedy (complaint and objection)
Without prejudice against other administrative or judicial remedies, each data subject has the right to submit a complaint to the supervisory authority regarding the processing of his personal data. Every respondent has the right to an effective legal remedy against a legally binding decision of a supervisory body that applies to him. The supervisory authority is the Personal Data Protection Agency, Croatia.
The right to restrict processing
The respondent has the right to request a limitation of the processing of his personal data: if he disputes the accuracy of his personal data – for the period necessary for the attorney to verify that accuracy, if the processing of his personal data is illegal and does not request deletion but only limitation of processing, if the attorney no longer needs his personal data, but their existence is necessary for the fulfillment of his legal requirements, if he has objected to the processing, he has the right to request a limitation of the processing for the period until it is determined whether attorney’s office has legitimate reasons for the processing exceed his reasons from the objection.
Data Protection Officer
Compass has appointed a personal data protection officer and each data subject may contact them in connection with the protection of their personal data at privacy@compassapp.ai.
Privacy of Children
We do not knowingly collect, maintain, or use Personal Information from people under the 18 years of age, and no part of our website or apps is directed to people under the age of 18. If anyone under the age of 18 has provided Compass with their personal data, Compass will delete such information immediately after being alerted to it.
Cookies
To ensure the optimal functionality of our websites and apps, and to enhance your user experience, we utilize small data files known as “cookies.” Our Cookie Policy provides comprehensive details on the nature of cookies and the manner in which we utilize them.
Updates to the Policy
Compass may update this Privacy Policy from time to time in response to legal, technical, or business developments. When we update this Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. When required by law, we will make sure to obtain your consent. You can see the date this policy was last updated at the top of this page.