The privacy of our website’s users is very important to us, which is why we have developed this Privacy Policy so that you can understand how we collect, process, disclose, and use your personal information. Ignit Group d.o.o. as the Data Controller of the service and personal data ensures that: 1. Data shall always be collected for specified and clearly defined purposes and to the extent necessary to achieve those purposes. 2. Personal data shall be kept for as long as necessary to achieve these purposes. 3. Personal data shall be collected lawfully and fairly at all times, where appropriate, with the knowledge or consent of the data subject. 4. Personal data is protected with reasonable safeguards against loss or theft, as well as against unauthorized access, disclosure, copying, use or modification. 5. Its clients are provided with information about the rules and practices relating to personal data management.

Article 1. Privacy and Processing Information

1. The Data Controller of personal data is Ignit Group d.o.o. with headquarters in the Republic of Croatia, Zagreb (Official Gazette 42/18, hereinafter: the Law), Roberta Frangeša Mihanovića 9, registered in the court register of the Commercial Court in Zagreb under the registration number MBS: 081444894, Personal Identification Number (OIB): HR64847933989 (hereinafter: Company). 2. Ignit Group do.o.o as a personal data Controller (hereinafter referred to as "Controller") pays great attention to the protection of privacy and confidentiality of personal data of Users who make their data available in electronic form through forms available on the website in the domain ignit.group (hereinafter referred to as "ignit.group") 3. The Data Protection Officer of Ignit Group d.o.o. is Matija Puskar who can be contacted via e-mail: [email protected] 4. The Controller shall, with due diligence, select and apply appropriate technical and organizational measures to protect personal data being processed. Full access to databases is granted only to persons authorized by the Controller. 5. The Controller protects personal data against unauthorized access and processing in violation of applicable regulations. 6.Visitors to ignit.group can browse through subpages of the website without providing personal data.

Article 2. Grounds for processing personal data

1. Personal data shall be processed by the Controller in accordance with the law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as 'GDPR'). 2. Personal data are processed to: a. answer questions addressed to the Controller through the contact forms available on ignit.group website, including interactive windows available on each subpage of the website (according to article 6.1.f of the GDPR); b. dispatch of marketing content, including information about planned events and workshops, business information, joining event community, newsletter or dispatch of eBooks and other information on the basis of the consent (Article 6(1)(a) of the GDPR); c. recruitment, including: - to establish and maintain contact with the Candidate in relation to the application documents submitted, pursuant to Article 6(1)(b) of the GDPR, i.e. in relation to taking action at the request of the data subject before concluding a contract, - carrying out and resolving the recruitment process based on Article 6(1)(b) of the GDPR, i.e. taking the necessary actions at the request of the data subject before concluding the contract - in the scope of data indicated in Article 221 §1 of the Labor Code and on the basis of the Candidate's consent, i.e. Article 6(1)(a) of the GDPR and in the scope of data beyond the catalog indicated in Article 221 §1 of the Labor Code, - to take account of the Candidate's application documents in future recruitment processes on the basis of his/her voluntary agreement (Article 6(1)(a) of the GDPR). d. establishing contact in order to prepare, at the Customer's request, an offer of the Controller's services and/or products tailored to the Customer's needs (Art. 6.1.b of the GDPR), e. adapting and developing the website's functionalities, including its structure and content to the needs of Internet users, creating aggregated statistics, and preserving the security and quality of services provided by the service - based on the legitimate interest of the Controller (Article 6(1)(f) of the GDPR); f. investigation or safeguard against possible claims (according to Article 6(1)(f) of the GDPR); g. conducting statistical analysis of information about participants of our events (according to Article 6 (1) (f) of the GDPR) where the legitimate purpose is to have information about the statistics which allows us to improve our activities. 3. Regardless of the purpose of the processing, providing the data is voluntary, however, failure to do so may prevent, depending on the specific case, the conclusion of a contract, use of selected services within the service and its functionality or receipt of marketing content. 4. The User should not provide the Controller with personal data of third parties. In case of transfer of third parties' data, the User is obliged to sign a declaration that s/he has the consent of third parties to transfer the data to the Controller.

Article 3. Scope of processing of personal data

The Controller processes personal data only to the extent necessary to achieve a strictly defined purpose, in accordance with the information indicated below: 1. Sending a message through the contact form, among others: e-mail address and telephone number and all other information that the User will provide of his/her own free will in the addressed message; 2. Sending newsletters, commercial and business information and e-books: name and surname, e-mail address, telephone number, among others; 3. Recruitment: the e-mail address from which the message was sent and the information contained in the application form; 4. Preparation of offers: name and surname, e-mail address, telephone number, and other information contained in the message sent through the contact form; 5. Customization and development of website functionality: IP addresses collected during Internet connections for technical purposes related to server administration. The Controller does not make automated decisions on the basis of data collected about Users.

Article 4. Data retention period

Personal data shall be kept only for the time necessary to achieve the specific purpose for which it was transmitted or to ensure compliance, as set out below: 1. Personal data collected for the purpose of answering questions asked via the contact form will be processed no longer than 12 months after the last contact; 2. Data collected for the purpose of sending marketing content, newsletters, commercial and business information and e-books will be processed until the withdrawal of consent by the User; 3. Personal data collected for the purposes of recruitment will be processed for the duration of the recruitment process, and if the Candidate agrees to leave the data for the purposes of future recruitments, they will be stored until the withdrawal of the consent, but not longer than 24 months from the date of its granting; 4. Personal data collected for the purposes of preparing a personalized offer for products and/or services will be processed for the duration of the offer negotiation, and after its completion for 12 months counted from the date of the last contact, or they will feed the Controller’s customer database in order to execute the concluded agreement.

Article 5. Recipients of personal data

1. Users' data may be made available to entities authorized to receive data in accordance with applicable laws, including relevant judicial authorities. 2. Personal data may be transferred to entities cooperating with the Controller on the basis of appropriate agreements, including selected marketing agencies and partners providing technical services (development and maintenance of IT systems and websites).

Article 5. Recipients of personal data

1. Users' data may be made available to entities authorized to receive data in accordance with applicable laws, including relevant judicial authorities. 2. Personal data may be transferred to entities cooperating with the Controller on the basis of appropriate agreements, including selected marketing agencies and partners providing technical services (development and maintenance of IT systems and websites).

Article 6. Rights of persons

1. The user is obliged to provide complete, current and up-to-date data. 2. Every user whose personal data is processed by the Controller is entitled to: a. access the data, b. correct the data, c. deletion of the data, d. restrict the processing of data, e. transfer the data, f. object to the processing of data which takes place on the basis of the Conotroller’s legitimate interest, g. withdraw consent (where processing is based on consent) at any time without affecting the lawfulness of processing carried out on the basis of consent before withdrawal. 3. You can exercise the rights set out in the above section by sending an appropriate request, providing your user name and e-mail address to [email protected]. 4. The user has the right to appeal to the supervisory authority if he considers that the processing of personal data violates the rules of the GDPR. 5. In order to unsubscribe from the communication, please select "Unsubscribe" button on the bottom of the e-mail you received from us, update email preferences in the second step by unchecking the types of email you do not want to receive and accept the settings. You can also contact us via [email protected] e-mail.

Article 7. Cookie policy

Ignit Group d.o.o collects data in logs, which are used only for the purposes of service administration, and these data are not transferred to third parties. 1. In accordance with established practice, we store HTTP queries addressed to our server. The resources viewed are identified by their URLs. The information collected in the logs is: - The public IP address of the computer from which the query came, - User station name - identification implemented by http protocol, if possible, - User name given during the authorization process, - Time for the inquiry to arrive, - First line of the http request, - The http response code, - The number of bytes sent by the server, - The URL of the page previously visited by the user, in case the Company's website was accessed via a link, - Information about your browser, - Information about errors that occurred in the execution of http transactions. 2. This data is not connected to specific people browsing the Controller’s pages. 3. In order to ensure the highest quality of service, the Controller periodically analyses log files in order to determine which pages are visited most often, which web browsers are used, whether the structure of the site does not contain errors, etc. 4. The collected logs are stored for 24 months as auxiliary material used to administer the service - on the basis of cookie files, statistics may be generated which do not contain any features identifying the persons visiting ignit.group. 5. The following types of cookies are used on the website: a. security cookies, e.g. used to detect misuse of authentication; b. "performance" cookies, enabling the collection of information on how to use the website; 6. Cookies are not used to process or store personal data. They cannot be used to directly identify the User and do not make any configuration changes in the browser or telecommunication devices.

Article 8. Transfer of data to third countries

Outside the European Economic Area (EEA), the level of personal data protection differs from that provided by European law (GDPR). Ignit Group d.o.o. transfers your personal data outside the EEA to third countries only if it is necessary to achieve business purposes (incl. the use of IT tools provided by third country entities) and when the third country ensures an adequate level of protection, in particular through: a. issued a relevant decision of the European Commission regarding the assurance of an adequate level of protection of Personal Data in that country, b. the use of standard contractual clauses issued by the European Commission, if a given country does not have a confirmed decision of the European Commission, c. application of binding corporate rules approved by the competent supervisory authority.