Privacy policy

The term “personal data” means any information relating to an identified or identifiable natural person (“data subject”).

02 Which personal data we collect about you, for what purpose and how long we keep it

We process your personal data only to the extent required by the services we provide to you or for other processing purposes, namely:

02.1 Performance of a service agreement

For the purpose of entering into and performing a service agreement with our users, we process personal data of our current users, persons authorised to represent our users that are legal entities, their employees, related persons, and third parties such as persons authorised by our users to access Shipshape services.

Such personal data may include (depending on the specific service and necessity): first name, last name, personal identification number, date and place of birth, gender, residence, email address, telephone number, and other data required for identification and performance of contractual obligations.

Legal basis: the legal basis for processing data necessary to enter into and perform the agreement is performance of the contract (i.e., taking steps at the request of the data subject prior to entering into a contract). For processing necessary for system security, prevention of misuse and the establishment, exercise or defence of legal claims, the legal basis is our legitimate interest.

Retention period: personal data will be processed for the duration of the contractual relationship and, after termination, for as long as necessary to comply with legal obligations and/or to establish, exercise or defend legal claims, and generally no longer than five years after termination of the contractual relationship (unless longer retention is required in a specific case by law or due to court/administrative proceedings).

If you, as a user, do not provide all necessary data, we may not be able to enter into an agreement with you or perform all obligations arising from such an agreement.

02.2 Compliance with legal obligations

For the purpose of compliance with obligations prescribed by applicable regulations, in particular the Accounting Act, the Electronic Communications Act and the General Tax Act, we process your personal data which may include first name, last name, personal identification number, date and place of birth, gender, residence, email address and telephone number.

Legal basis: processing is necessary for compliance with our legal obligations.
Retention period: personal data will be processed for the period prescribed by the relevant regulations.

02.3 Recruitment

For recruitment purposes we collect personal data of potential employees and other candidates. Personal data collected for this purpose includes CVs and/or other data typically contained in a CV and/or typically related to recruitment procedures, such as first name, last name, personal identification number, date and place of birth, gender, residence, email address, telephone number, information about education and previous work experience, and photographs (if provided by the candidate).

Important note – special categories of data: we do not request special categories of personal data (e.g., health data) and we ask candidates not to include them in their application. If a candidate voluntarily provides such data, access will be strictly limited and the data will be processed only if necessary and permitted under applicable regulations.

If you do not provide the data required to carry out the selection process, we may not be able to consider your application and/or enter into an employment contract.

If a candidate is not offered a position or a specific role on a particular occasion, but we believe the candidate may be suitable for a different role in the future, we may, with the candidate’s consent, retain their personal data for future consideration.

Retention period: data collected based on consent for future consideration will be deleted after withdrawal of consent and/or cessation of processing due to fulfilment of the purpose for which consent was given and/or cessation of processing due to a decision of the competent authority.

02.4 Information about services (marketing and business communications)

For the purpose of providing information about our services, we may process personal data of our users, potential users and their employees, including first name and last name, email address, telephone number and job title.

Such data may be processed:

• based on consent (e.g., newsletter or direct sending of offers where consent has been obtained), or
• based on legitimate interest (e.g., informing existing business contacts about related services).

You may opt out of receiving such communications at any time (unsubscribe/removal from the database). If processing is based on legitimate interest or carried out for direct marketing purposes, you have the right to object at any time and we will stop such processing.

Retention period: consent is valid until withdrawn. For communications based on legitimate interest, we retain data while a business relationship exists or until you object, and no longer than reasonably necessary for the stated purpose.

02.5 Responding to enquiries via the contact form

For the purpose of responding to enquiries submitted by users of our website www.shipshape-solutions.com via the contact form, we may process your personal data including first name and last name, email address, telephone number and IP address.

Such processing is based on our legitimate interest (responding to enquiries and conducting communications) or on taking steps at the request of the data subject prior to entering into a contract, depending on the nature of the enquiry.

Retention period: your personal data will be processed for the time necessary to fulfil this purpose, i.e., until the communication is completed and for an additional reasonable period to document the communication and protect our legal interests, unless longer retention is required due to court/administrative proceedings.

02.6 Use of the website – necessary cookies

For the purpose of enabling the use of our website www.shipshape-solutions.com, we may process your personal data including online identifiers, necessary (technical) cookies and related technical data required for the website to function (e.g., security, core functionalities).

Legal basis: our legitimate interest in ensuring a functional and secure website.
Retention period: data is processed and stored for the period necessary to ensure the website’s functionality, i.e., in accordance with the duration of necessary cookies.

Visitors are not required to provide personal data to use most of the website’s functionalities. However, visitors who wish to send an enquiry via the contact form available on our website must enter their first name and last name, mobile phone number and email address.

02.7 Google Analytics – only with consent

In addition to the data collected through our website as described above, we use technology to automatically collect data on the use of our website via Google Analytics solely for the purpose of creating statistical reports.

Legal basis: Google Analytics and analytics cookies are used only with your consent given via the cookie banner/cookie settings. Analytics is not activated before consent.

You can withdraw or change your consent at any time via the “Cookie Settings” link on the website. More information about cookies and settings is available in our Cookie Policy.

02.8 Establishment and/or defence of legal claims

In addition, we may process and store your personal data including first name, last name, telephone number, email address and contract identification number for the purpose of establishing, protecting and/or defending our potential claims in the future.

Legal basis: our legitimate interest (protection of legal interests) or, where applicable, the legitimate interest of a third party.
Retention period: personal data will be processed for the period necessary to fulfil this purpose, but not longer than reasonably necessary in view of limitation periods and/or the duration of proceedings, and generally no longer than ten years after termination of the contractual relationship, unless longer retention is required in a specific case due to court/administrative proceedings.

Any changes to this Notice will be posted on our web pages https://www.shipshape-solutions.com/ and available through the usual communication channels.

We will process your personal data in a manner and for the purposes determined in this Privacy Notice. Collecting and processing of your personal data is carried out in accordance with the data protection legislation in force, especially in accordance with Regulation (EU) 2016/679 (herein: “General Data Protection Regulation”), Act on Implementation of General Data Protection Regulation (OG, no. 42/2018) and other applicable privacy and data protection legislation.

The controller of your personal data for the purposes stated in this Notice is Shipshape d.o.o., Frana Folnegovića 6e, Zagreb, OIB: 49864588217 (“Shipshape”). For any requests relating to the processing of your personal data or for exercising your rights referred to in section 07 of this Notice, please contact us at: info@shipshape-solutions.com.

In certain cases, your personal data may be shared with trusted third parties providing administrative and technical support, i.e., data processors applying appropriate technical and security measures and mechanisms to ensure personal data protection.

We may also share your personal data with public authorities where required by applicable law and within their legal powers, as well as with external advisors and other personnel bound by confidentiality obligations. We carefully select and monitor the performance of such service providers.

Categories of recipients / data processors

Depending on the purpose of processing, data may be shared with:

• providers of hosting and IT maintenance services (website/system hosting and maintenance, security),
• providers of email and communication tools (receiving and handling enquiries, business communication),
• Google (Google Analytics) – only with consent for analytics cookies (website usage statistics),
• providers of accounting services (compliance with legal obligations),
• external advisors (legal/business) – where necessary for contract performance or protection of legal interests,
• competent authorities – where disclosure is required by law.

Transfers to third countries

If certain service providers process data outside the European Economic Area or have access to data from third countries, transfers are carried out with appropriate safeguards required by applicable law (e.g., Standard Contractual Clauses) and, where applicable, additional protective measures. Information about relevant safeguards is available upon request via the contact details provided in section 05.

Only a limited number of our employees will have access to your personal data. Employees are obliged to keep your personal data and the measures taken to protect it strictly confidential and may handle personal data only in accordance with our explicit instructions.

Upon your request, we will inform you whether personal data relating to you is being processed and which data it is. If all legal requirements are met, you have the right to rectification, erasure, or restriction of processing of personal data. You may withdraw any consents you have given and object to processing.

For this purpose, you may contact us via the channels indicated in section 05. You also have the right to receive the data you have provided to us in a structured, commonly used and machine-readable format, and you may request the transfer of those data to you or to third parties.

We are required to respond to your request within one month from the date of receipt. In the case of complex requests, this period may be extended by a further two months, of which we will inform you.

You also have the right to lodge a complaint with the Croatian Personal Data Protection Agency, Martićeva 14, 10000 Zagreb, www.azop.hr, if you suspect an infringement in the processing of your personal data.

If you give us your consent to process your personal data, you do so voluntarily and you have the right to withdraw or restrict consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before it was withdrawn. If your personal data is processed for direct marketing purposes and/or on the basis of legitimate interest, you also have the right to object to such processing at any time.

We store your personal data only for as long as necessary to fulfil the purpose of the processing, typically for the duration of the contractual relationship or for the period expressly required by applicable law.

If we process your personal data based on your consent, such personal data will be processed only for the duration of the consent, which you may withdraw or restrict at any time. If you do so, we will stop processing the personal data for the purposes for which you provided consent.

After that, the data is deleted or anonymised, unless it must be retained for a certain period in accordance with company law, tax regulations or other regulations, in which case the same data will no longer be processed for other purposes.

Our website may contain links to third-party websites. If you click on such links, such third parties may collect certain information about you, such as IP address or search history, and may place cookies on visitor browsers. Please note that the processing of collected data is governed by the rules adopted by operators of such third parties and, therefore, this Notice does not apply.