Privacy Policy

We at DIGIHEY d.o.o., with registered seat at Zagreb, Ulica Vilima Korajca 29 (“Digihey“ or “our”) care about data privacy. Ensuring compliance with all regulations, including personal data protection, is a top priority for Digihey.

Data Controller

Digihey is a data controller that determines how and why personal data is processed.

Type of Personal Data Digihey Processes

Personal data is any data relating to an individual whose identity is known or can be determined. An identifiable individual is a person who can be identified directly or indirectly, in particular with the help of identifiers such as name, identification number, location data, online identifier, or with the help of one or more factors inherent to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.

When you access our website, Digihey only processes cookies’ information. Digihey refers you to the Cookie Policy, where you can find out more information.

If you start communicating with us, for example, by filling in the application form, responding to our surveys, if you choose to connect a third-party account (for example, a social media account) Digihey will process the information you provide for the purposes listed on the form, such as your name, email address, other contact information if applicable.

Digihey might seek some other information so Digihey can answer your inquiry. If you provide us with a special category of personal information, you give us consent to process them.

Use of Personal Data

Digihey may use your personal data collected through our website for the following purposes:

  • Conclusion of contracts and performance of contractual obligations
  • Our legal interests
  • Recruitment and personnel affairs
  • Safety, quality, and risk management
  • Direct marketing
  • Indirect marketing
  • To Whom Digihey Gives Personal Data

    From time to time, Digihey may transfer or disclose your personal data to other employees or third parties, for any of the above purposes, including government and professional agencies and third parties that perform services on our behalf, such as web-hosting-providers, IT service providers, payment service providers, customer relationship management service providers.

    When Digihey discloses your personal information to third parties that perform services on our behalf, Digihey ensures that those service providers use your information only in accordance with our instructions.

    Digihey may also disclose your personal information to third parties when Digihey is required to do so by law, to regulators, or for the purpose of, or in connection with, any legal process, or otherwise for the purpose of establishing, exercising, or defending our legal rights.

    Due to the global nature of our business, Digihey may transfer your personal data outside the European Economic Area (“EEA”) to countries whose data protection laws may not be as comprehensive as those in the EU.

    When Digihey transfers data outside the EEA, Digihey will only transfer such personal data (a) to a country that the European Commission considers to have adequate data protection laws; or (b) where Digihey has put in place an appropriate data transfer mechanism, such as EU Standard Contractual Clauses, to ensure that your personal data is adequately protected.

    Digihey does not sell or rent your personal data for any purpose.

    Duration of the Personal Data Processing

    Digihey will keep your data for as long as necessary to achieve the purpose(s) for which it was collected, including to comply with any legal, accounting, or reporting requirements. After the applicable retention period, Digihey will either delete or de-identify your data. Digihey may continue to use data that is not identifiable to you (for example, aggregate data).

    Safety of Personal Data

    Digihey provides appropriate technical and organizational measures to ensure the protection of your personal data from loss, misuse, alteration, and accidental destruction, such as the use of antivirus software, firewalls, password protection, physical access control, two-factor authentication, intrusion and anomaly detection. Digihey is constantly upgrading and testing our security technology.

    Our staff, who have access to your personal data, are trained to keep such data confidential. They will only have access to your personal data to the extent that they need that information to perform their duties properly. Persons who may review your information are also bound by strict professional discretion.

    The conditions for data protection, at least to the same standard as ours, are binding for all our contractors, (sub)processors, and suppliers.

    Regular monitoring and testing of our security protection are carried out to ensure that it remains effective against the latest threats.

    Your Rights

    If Digihey processes your data, you have a right to:

  • Access the personal data Digihey has about you
  • Ask Digihey to correct any of your personal data that Digihey has that is incorrect
  • Request that your personal data be deleted
  • Withdraw consent to the processing of your personal data (where Digihey processes your personal data based on consent)
  • Set a limit for the processing of your personal data
  • Refuse to process your personal data
  • Request the transfer of your personal data to another controller (data portability).
  • Digihey will process all rights of use of your data in accordance with the requirements of applicable privacy law. If you wish to exercise any of your rights as a data subject or have any questions regarding this statement, please contact us using our contact form.

    If you are dissatisfied with how Digihey manage your personal data, and Digihey cannot solve the problem, you can contact the Personal Data Protection Agency. You can find more details on their website http://www.azop.hr/

    Notification of Personal Data Breach

    In the event of a personal data breach, Digihey will notify you and the competent supervisory authority by e-mail within 72 hours of the extent of the breach, the data covered, the possible impact on our services, and our planned measures to secure data and limit any adverse effects on individuals.

    Digihey will not send you a notice of infringement in the case of:

    - if there are technical and organizational protection measures (such as encryption) that have been applied to the personal data affected by the personal data breach, which make that data unintelligible to any person who is not authorized to access it;

    - if Digihey has taken follow-up measures to ensure that a high risk to the rights and freedoms of individuals is no longer likely to occur;

    - if this would require a disproportionate effort (in which case Digihey will inform you through public information or a similar equally effective measure).

    A personal data breach means a security breach that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access of personal data transmitted, stored, and processed in connection with the provision of our services.

    Supplemental Privacy Notice for California residents

    If you are a California resident, under the California Consumer Privacy Act of 2018 (“CCPA”), you are entitled to receive specific information on how Digihey processes your data.

    CCPA establishes specific rights for California residents to control their personal information and requires businesses to provide specific information to California residents regarding how their personal information is collected, used, and shared.

    Your rights

    When you submit a request to exercise your rights, Digihey is required to verify that you are the consumer to whose personal information the request relates or a person authorized to act on that consumer’s behalf. Digihey will usually not need additional information to verify your request if you submit your request using our contact form. For requests submitted by other means (for example, by e-mail), Digihey may ask you to provide additional information.

    Right to Know. You have the right to know what personal information about you Digihey collects, from which sources, for which purposes, and with whom Digihey shares it. You also have the right to request specific pieces of personal information Digihey has collected about you. This request can be made free of charge twice in any 12-month period. Moreover, you have the right to know which categories of personal information Digihey has sold or disclosed for business purposes. Please refer to this Privacy Notice for the information on what personal information Digihey collects, for which purposes, and with whom Digihey share it.

    You may request a copy of your personal information by contacting us at hr@digihey.com.

    Deletion. You have the right to request that Digihey deletes any personal information about you that Digihey has collected from you, subject to certain exceptions provided in the CCPA (including, for example, where Digihey needs to keep your personal information to protect against malicious, deceptive, fraudulent, or illegal activity or to comply with a legal obligation).

    You may request the deletion of your personal information by contacting us at hr@digihey.com.

    Following your deletion request, Digihey may either erase or de-identify your personal information.

    Right to Opt-Out. You have the right to direct us not to “sell” your personal information. To exercise your right to opt out, contact us at hr@digihey.com.

    Non-Discrimination. You cannot be discriminated against for exercising your rights under the CCPA.

    A summary of how Digihey may collect, use, and share your personal information follows. The summary is provided in the format required by the CCPA.

    Digihey regularly collects the following categories of personal information specified in the CCPA:

    Category of Personal information Examples Sources
    Identifiers IP address, hardware or operating system-based identifiers, email address. Directly from you, third-party account providers (if you link a third-party account), or third-party payment service providers (if you make purchases).
    Commercial Information Information regarding records of purchases you may have made. Directly from you.
    Internet or Other Electronic Network Activity Information Not applicable Not applicable
    Geolocation Data Your approximate location (country, state, or city) is determined based on your IP address. Directly from you.
    Inferences Drawn from this Information to Create a Profile about You Your geolocation or preferences are used to personalize our products and/ or services for you. Digihey makes these inferences based on the other categories of information.

    Digihey may use this information for the following business purposes specified in the CCPA:

    - auditing related to an interaction with you and concurrent transactions,

    - detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity,

    - performing our services,

    - internal research for technological development and demonstration, or

    - activities to verify or maintain the quality or safety of our services, and to improve, upgrade, or enhance our services.

    Digihey may share the information with recipients such as our service providers to achieve these business purposes. This means that Digihey may disclose the categories of personal information listed above for business purposes.

    Digihey may collect any information you choose to submit to us using these features. In addition to the personal information listed in the table above, this may include other categories of personal information specified in the CCPA, including:

    - characteristics of protected classifications under California or federal law (for example, sex or age),

    - any categories of personal information described in subdivision (e) of Section 1798.80 of the California Civil Code,

    - professional or employment-related information, or

    - education information.

    Digihey only collects these categories of personal information directly from you, and you may choose not to submit this information to us at your discretion. Digihey may use the personal information you choose to submit for performing our services (for example, to handle your support inquiries) and short-term, transient uses, and Digihey may share the information with recipients such as our service providers to achieve these business purposes. This means that Digihey may disclose these categories of personal information for business purposes.

    How Digihey may “sell” your personal information

    Under the CCPA, a business must provide a consumer notice before selling the consumer’s personal information to third parties. The CCPA defines a “sale” as not only exchanges for monetary consideration, but also disclosures of personal information for other valuable consideration.

    Digihey do not sell your personal information.

    Amendments to This Privacy Notice

    This Privacy Notice was drafted on hr@digihey.com Digihey will update this Privacy Notice when needed and inform you about that indicating the last date when the Privacy Notice was updated.

    If you have questions about this Privacy Notice, contact us at hr@digihey.com