This Privacy Policy details the manner in which we deal with your personal data when you access our website It is possible to use our website without submitting any personal data, however if you wish to use special servers and services that we provide through our website, you will have to submit your personal data. Therefore, this Privacy Policy is designed with the intention of providing information about the nature, scope and purpose of personal data that we collect and process on our website, and to inform you about your rights.

Pan-pek d.o.o, as the Controller of your personal data, implements technical and organizational measures to ensure the complete protection of personal data processed through this website. However, it is widely known that data transmissions via the Internet are, on principle, not completely secure, and we therefore point out that the absolute protection of your personal data may not be guaranteed. Please read this Privacy Policy carefully to learn how we collect, use, process and protect your personal information.

Name and address

Pan-pek d.o.o. is the Data Controller for the purpose of the implementation of the General Data Protection Regulation (GDPR) and other data protection laws that apply in the member states of the European Union and other provisions related to data protection, and in case of any inquiries or requests with regards to the protection of your personal data, you can contact us via our email address or by post to the Company’s registered seat Planinska 2c, Zagreb Croatia.


When you view our website, we may store some information on your computer in the form of a "cookie" in order to automatically recognize your computer on your next visit. Cookies can help us in various ways, for example to better adapt the website to your interests or to store your password so that you avoid entering it every time you visit the website. If you do not wish to receive cookies, adjust the settings of your Internet browser to delete cookies from your computer's hard drive, block all cookies, or receive a warning before storing cookies.

Collection and processing of personal data

Through our website, we only collect personal data that you, as a user, enter independently. Data are collected through available web forms or through contact with our employees via email. The collection of such data is necessary for the performance of our services, marketing, invoicing, collection, delivery of purchased goods and services, and as a fulfilment of the guarantees that arise from the business relationship, and which were collected in compliance with the Terms of Use.

Through the user account and contact with employees, we can collect the following personal data (name, surname, street, house number, city/town, postal code, email address, telephone number).

We use the information collected when creating a user account on our website for the following activities:

  • Inquiry (general inquiry)
  • Media inquiry
  • Product complaint
  • Compliment letter
  • Complaint

By submitting your personal data, you give your consent to the Company to use them with the purpose of responding to your inquiry, processing your complaint, or providing access to special information or offers. Furthermore, in order to establish a relationship with you as a user, we may store and process personal data to better understand your business needs and to improve our products and services; we may use personal data to contact you with respect to Pan-pek d.o.o. offer and in order to manage your business needs or to conduct an online survey that would help us better understand customer needs.

If you do not wish your personal data to be used in customer relationship management (in particular for direct marketing or market research), we shall be obliged to respect your choice.

When we use such data and information, we do not draw any conclusions about the user. We need this information in order to: correctly deliver the content of our website and respond to inquiries, optimize the content and advertisements on our website, and to provide information to law enforcement authorities in cases when it is so regulated. With the aim of increasing the protection and security of data, Pan-pek may analyse the collected personal data, as well as ensure the optimal level of protection of the personal data being processed. Anonymous server(log)data is stored separately from all personal data provided by the user.

The General Regulation on the Protection of Personal Data (GDPR) stipulates our right (legitimate interest) to process your personal data for the purposes of direct promotion (marketing) and profile creation in connection with such promotion, to the extent that it does not infringe your interests, freedoms and rights . However, in order to ensure more complete protection of your personal data, rights and interests, before processing your personal data for the purpose of direct promotion (marketing), we shall require your express consent for such processing.

Third party links

We do not offer or provide any third party services or products on our website.

Use of Google Analytics

This website uses Google Analytics functionalities for the purpose of web analysis. The provider is Google Inc.,1600 Amphitheater Parkway Mountain View, CA 94043, USA. Google Analytics uses cookies.

When you visit this website, cookies are used to generate data that Google collects and processes. You can disable this by downloading and installing the browser plug-in available at the following link:

You can find more information about the processing of user data by Google Analytics in Google's Privacy Policy:

Alternatively, you can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie will be set to disable the collection of your data during future visits to this website.

Onemogućivanje usluge Google Analytics



Personal data that you submit to PAN-PEK d.o.o., Zagreb, Planinska 2C, PIN: 58203211592 by subscribing to the newsletter (your name and email address), shall be processed by the Company for the purpose of newsletter delivery.

Lawfulness of processing

The processing of your data in carried out on the basis of your consent, which is provided for and permitted under Article 6, paragraph 1, point (a) of the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Providing the abovementioned personal data to PAN-PEK d.o.o. does not constitute any legal or contractual obligation. However, the processing of personal data that you submit is necessary in order to enable PAN-PEK d.o.o. to send you the newsletter. Without this personal data, PAN-PEK d.o.o. shall not be able send you the newsletter.    
You have the right to withdraw your consent at any time free of charge. The processing of your personal data shall be lawful until the withdrawal of your consent. If you wish to withdraw your consent and unsubscribe from the newsletter, you may do so simply by clicking on the "unsubscribe" link, or by sending an email to the address: .


Withdrawal of your consent by means of unsubscribing from the newsletter shall be automatically recorded in the newsletter database. This means that you shall stop receiving any new newsletters starting from the moment you unsubscribe. The final erasure of your data will take place within one month from the day you unsubscribe, provided that the regulations in force do not prevent erasure.

Your rights as the data subject

As the data subject you have the following rights: the right of access by the data subject (Article 15 of the General Data Protection Regulation), the right to rectification (Article 16 of the General Data Protection Regulation), the right to erasure (Article 17 of the General Data Protection Regulation), the right to restriction of processing (Article 18 of the General Data Protection Regulation), the right to data portability (Article 20 of the General Data Protection Regulation) and the right to object (Article 21 of the General Data Protection Regulation) in compliance with the conditions specified in the General Data Protection Regulation. If you wish to exercise any of the rights listed, please contact PAN-PEK d.o.o. (contact details listed below). If you deem that the processing of personal data in any way infringes your rights, please inform us about your concerns (contact details listed below). Additionally, if you deem that the processing of personal data in any way infringes your rights, you have the right to lodge a complaint with the Croatian Personal Data Protection Agency.

Contact information

You can contact us by email at the address:

Social media - Facebook

On its websites, the Data Controller may integrate or has integrated components operated by Facebook. Facebook is a social medium.

A social medium is a social meeting place on the Internet, an online community that usually allows users to communicate and interact with each other in a virtual space. A social medium can serve as a platform for an exchange of opinions and experiences or allow the Internet community to provide personal or business information. Facebook allows users of the social media to turn on the creation of private profiles, upload photos and network through friend requests.

Facebook operating company is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States of America. For persons residing outside the United States of America or Canada, the Data Controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

With each visit to one of the individual pages of this website, which is managed by the Controller and on which the Facebook component (Facebook plug-in), is integrated, the web browser on the data subject’s information system automatically requests the download of the display of the corresponding Facebook component from Facebook via the Facebook component. An overview of all Facebook plugins can be accessed at During this technical procedure, Facebook is aware of which specific sub-page of our website was visited by the data subject.

If the person is logged into Facebook at the same time, Facebook detects every access of the data subject to our website and for the entire duration of the stay of the data subject on our website, it records data about his activities on our website. This data is collected via the Facebook component and is linked to the respective Facebook account of the data subject. If the user clicks on one of the Facebook buttons integrated into our website, e.g., the"Like"button, or if the data subject submits a comment, then Facebook matches this data with the personal Facebook user account of the data subject and stores the personal data

Facebook always receives, via the Facebook component, information about a visit to our website by the data subject, whenever the data subject logs in at the same time on Facebook during a visit to our website. This happens regardless of whether the data subject runs the component on Facebook or not. If the data subject wishes to avoid such a transfer of data to Facebook, he or she can disable this by logging out of their Facebook account before a visit to our website is made.

The Data Protection Guidelines published by Facebook, available at, provide information on the collection, processing and use of personal data by Facebook. In addition, it explains which settings Facebook offers to protect the privacy of data subjects. Various configuration options are also available which enable the removal of data transfer to Facebook, e.g., Facebook blocker from service provider Webgraph, available at This application can be used by the data subject to disable the transfer of data to Facebook.

Videos - YouTube

Our website contains links to videos from YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. By visiting a web page on our website that contains such a video, you establish a direct connection between your browser and the YouTube server when you activate the video.

YouTube receives information that you have visited our website from your IP address. If you click on a video link, the IP address will be forwarded to YouTube. We would like to point out that, as the provider of our website, we have no knowledge of the content of the transmitted data or its use by YouTube. For more information, see YouTube Privacy Policy (

Data protection

The security of your personal data is extremely important to us. Therefore, we have ensured that your personal data is processed and used in a safe manner and in compliance with all applicable legal regulations and best practices. We implement appropriate technical, physical and organizational measures to protect data from security risks, including accidental, unauthorized, unlawful or otherwise unwanted data access, data destruction, loss or disclosure. We ensure a level of security that corresponds to the risks of data processing.

Your data is stored on a protected internal server infrastructure to which external access is denied to anyone, except for persons authorized for maintenance, and access to personal data is only available to our authorized employees, i.e., contractual collaborators with limited processing rights in accordance with the rules contained in this Privacy Policy.

Data storage and data retention

We store and protect your personal data for the duration of your business relationship with us, that is for the duration of time necessary to realise the corresponding described purposes, i.e., for the duration of time you opt to maintain contact with us and/or for the duration of time you consent to receive our notifications according to the selected settings you informed us about when providing your personal data, or until you withdraw the consent that you have given us for certain purposes.

After you unsubscribe, we shall store and retain your personal data for a maximum of 12 (in letters: twelve) months from the date of receipt of subscription for the purpose of recording in the event of possible subsequent inquiries, requests or disputes, unless a special (shorter or longer) period has been determined for certain purposes, either based on the provisions of applicable legal regulations, or for the protection of both our and your legitimate interests, or the interests of third parties.

When you unsubscribe, withdraw your consent, request to limit the processing of your personal data, or any when we receive any similar objection, we shall immediately terminate any marketing communications with you and deactivate your personal data, and they shall be subject only to data storage before their permanent erasure or destruction in another manner.

All data shall be stored in the databases and repositories of our servers. We shall not transfer or store data in countries outside the European Union.

Your rights under the General Data Protection Regulation

Users of our services have the following rights based on the General Data Protection Regulation (GDPR):

  1. Right of access: You have right to obtain confirmation as to whether or not personal data concerning you are being processed at any time, and, where that is the case, to obtain information how your personal data are being processed and you may request access to your personal data, as specified in Article 15. of the General Data Protection Regulation, including the right to obtain a copy of the personal data undergoing processing. At your request to exercise the right of access, we shall deliver the data and information in electronic form (by means of email), unless you have failed to stipulate an email address in your request or you have specifically requested delivery by post.
  2. Right to rectification: You have the right to obtain, without undue delay the rectification of inaccurate personal data concerning you, and to have incomplete personal data completed, including by means of providing a supplementary statement.
  3. Right to erasure: You have the right to have your data erased, without undue delay, if one of the following conditions applies:
  1. where your personal data are no longer necessary in relation to the purpose for which it was collected or processed;
  2. where you withdraw your consent to the processing (marketing and special categories of data) and there is no other lawful basis for processing the data;
  3. where your personal data have been unlawfully processed;
  4. where your personal data have to be erased in order to comply with a legal obligation;
  5. where you object to the processing pursuant to Article 21 of the GDPR and there is no overriding legitimate grounds for continuing the processing
  1. Right of restriction of processing: You have the right to obtain restriction of processing of your personal data if you contest the accuracy of the personal data processed, if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead, if you have objected to processing or if we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims.
  2. Right to data portability: You have the right to have your personal data transmitted directly from one controller to another, providing the processing is based on consent or where it is carried out for the purpose of executing a contract to which you are a party or if the processing is carried out by automated means. You have the right to direct transmission from controller to another, where technically feasible.
  3. Right to withdraw consent: If we engage in processing of your personal data based on your consent, you may withdraw that consent at any time by sending a request to our email address gdpr@panpek.htr without affecting the lawfulness of the processing arising from that consent.
  4. Right to object automated individual decision-making, including profiling: We use your data to personalize and adapt services and promotional (marketing) materials to you. We personalize services and materials by creating profiles that help us to better understand your interests. Profiling does not restrain you from choosing the services we provide.

We apply automated decision-making in such a manner that, depending on the profile created or the data you have provided, the computer programme delivers an offer and/or advertising (marketing material) without human intervention. The described automated decision-making does not in any way restrain you in the choice of services we provide. You have the right to object to automated data processing and profiling at any time.

  1. Right to lodge a complaint with a supervisory authority: If you deem that the processing of personal data is not compliant with the General Data Protection Regulation, you have the right to lodge a complaint to the competent supervisory authority at any time. The competent national authority in the Republic of Croatia is the Croatian Personal Data Protection Agency, Martićeva 14, 10 000 Zagreb.
  2. Administrative fee: Your rights shall be exercised free of charge, and an administrative fee shall be charged only exceptionally. In the event when the conditions for are met to charge the administrative fee, pursuant to the General Data Protection Regulation, we shall duly inform you before charging the fees.

Notification of a personal data breach

In the case of a personal data breach, we shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify you and the competent supervisory authority on the personal data breach, the likely consequences on our services and describe the measures taken or proposed to be taken to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons, and in the following cases:

  • where there are technical and organizational protection measures in place (such as encryption) that have been applied to the personal data affected by the personal data breach, which make that data unintelligible to any person who is not authorized to access them;
  • where we have taken follow-up measures to ensure that a high risk to the rights and freedoms of individuals is no longer likely to occur;
  • where this would require a disproportionate effort (in which case we shall inform you through the means of public information or similar equally effective measure).

A breach of personal data is any breach of security that leads to the accidental or unlawful destruction, loss, modification, unauthorized disclosure or access to personal data that have been processed, stored or transmitted.


By using this website, you consent to this Privacy Statement.

Modification of the Privacy Policy

We shall notify on any modifications of our Privacy Policy on this website and update the Privacy Policy modification date below as follows.

This Privacy Policy was last modified on 1 October 2019.