SCOPE OF THE POLICY

Please read this Privacy Policy carefully to understand the policies and practices regarding personal data processed by WOLFPACK SOLUTIONS (hereinafter: “Wolfpack Solutions”, “we”) as the data controller. The Policy is intended for individuals who wish to access and/or have accessed the services provided by Wolfpack Solutions, with explanations on how we collect, use and disclose personal data in the course of conducting business activities.

Unless expressly stated otherwise, the terms below have the meaning given to them in Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter: "General Data Protection Regulation", "GDPR") and the Act Implementing the General Data Protection Regulation (Official Gazette No. 42/18).

Wolfpack Solutions provides security consulting and training services as part of its business activities, including but not limited to seminars, tactical equipment development and testing, tactical equipment media promotion, customized private training, and firearms development consulting. More information about the available services is available on the Wolfpack Solutions website at https://www.wolfpack-solutions-croatia.com.

Additional information about the processing of personal data can be found in the table below.Name and contact information of the data controller:

WOLFPACK SOLUTIONS, obrt za savjetovanje i poučavanje iz područja sigurnosti, vl. Vedran Pavlić

Bjelovar, Augusta Harambašića 1D

wolfpack_solutions@protonmail.com

+385 98 948 7458

Personal data that is subject to processing

(i) name and surname, company name, personal identification number, email address, mobile phone number, citizenship, year of birth, occupation, residence address, information on possession of registered weapons, previous hunting, military or police experience, criminal record, IBAN

(ii) existence of limiting personal circumstances for participation in the activities that are the subject of the provided service

(iii) data about the web browser and device, time zone, IP address used to connect the device to the Wolfpack Solutions website, information about visits to individual links on the website, data about the websites or search terms that referred the data subject to the website

(iv) photographs

Purpose of personal data processing, i.e. legal basis for data processing

The purpose of the processing, i.e. the legal basis for the processing numerically correspond to the personal data listed above.

(i) The purpose of processing personal data is processing of orders and the organization of service provision by Wolfpack Solutions at the request of an individual, and the legal basis is taking actions at the request of the data subject before entering into a contract and executing a contract in which the respondent is a party pursuant to Article 6(1)(b) GDPR.

(ii) The purpose of the processing is to determine the individual's ability to participate in activities organized by Wolfpack Solutions, and the legal basis is the consent of the data subject pursuant to Article 6(1)(a) GDPR in the form of a completed service request form on the Wolfpack Solutions website.

(iii) The purpose of the processing is to improve the quality of our services and the user experience on the Wolfpack Solutions website, and the legal basis is the legitimate interest of the controller or a third party pursuant to Article 6(1)(f) GDPR.

(iv) The purpose of the processing is to publicly present Wolfpack Solutions in connection with the performance of its business activities of consulting and teaching in the field of security through promotional materials, and the legal basis is the consent of the data subject pursuant to Article 6(1)(a) GDPR in the form of a special Consent Form.

(v) The purpose of processing personal data from categories (i) – (iv) is also compliance with our legal obligations (for example, accounting regulations), and the legal basis is compliance with the legal obligations of the controller pursuant to Article 6(1)(c) GDPR.

(vi) The purpose of processing personal data from categories (i) – (iv) may also be the exercise or defense of legal claims, i.e. legal proceedings, and the legal basis is the legitimate interest of the controller or a third party pursuant to Article 6(1)(f) GDPR.

Legitimate interest of the controller or a third party, and the right to object to processing based on legitimate interest

Where the processing of personal data is based on the legitimate interests of the controller or of a third party pursuant to Article 6(1)(f) of the GDPR, the data subject shall have the right, on grounds relating to their particular situation, to object at any time to processing of personal data concerning them, including profiling based on those provisions. In the event of the objection, the controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Recipients of personal data, or categories of recipients

(i) Service providers and/or data processors. These are external organizations that may assist the controller in conducting its business and/or processing personal data on its behalf and under its instructions. Access to personal data is permitted to selected personnel and only for the specific tasks they have been asked to perform, based on the controller's instructions.

(ii) Recipients of personal data for legal causes. Courts, administrative authorities, data protection supervisory authorities, etc. have the right to access personal data if necessary for the purpose of exercising or defending legal claims or for the purpose of legal proceedings.

(iii) Other data controllers. During the performance of Wolfpack Solutions services and business, it is possible that personal data is delivered to organizations that independently and in their own name determine the purpose and method of processing, such as the postal service in the case of delivering documents and/or submissions by mail.

Transfer of data to a third country or international organization

Personal data are not transferred to third countries or international organizations. If in the future personal data are transferred to third countries, and this is a country not covered by the European Commission's adequacy decision, the controller will ensure the protection of personal data through the implementation of appropriate safeguards, such as standard contractual clauses on data protection adopted by the European Commission and/or the competent supervisory authority.

Personal data storage period

Personal data will be stored in a form that allows the identification of the respondent only as long as it is necessary for the purpose of processing and there is a valid legal basis.

In other cases, personal data will be retained for the duration of any applicable limitation period (i.e. any period during which a person could bring a legal claim against the data controller) and for an additional 2 months after the expiry of the applicable limitation period (to enable the identification of the personal data subject who may bring a claim at the end of the applicable period).

Additionally, in the event of any relevant legal proceedings being initiated, personal data is retained for the duration of the dispute and for 10 years after the final decision therein (the statute of limitations for exercising rights arising from the final court decision or decision of another state authority).

Rights of data subjects

The data subject may request from the data controller access to personal data concerning them, rectification or erasure thereof, restriction of processing, the right to object to the processing of such data and the right to data portability. If the legal basis for the processing of certain personal data is solely the data subject's consent, the data subject shall have the right to withdraw consent at any time, without this affecting the lawfulness of processing based on consent before its withdrawal.

Withdrawal of consent is submitted in writing to the email address wolfpack_solutions@protonmail.com

Exercising data subjects rights

Detailed rules for exercising the rights of data subjects regarding the processing and protection of their personal data are contained in the GDPR in Articles 12-23 and 77-82, as well as in the Croatian Act on the Implementation of the General Data Protection Regulation, Articles 34-55. When exercising rights regarding personal data, the data subject may first request the exercise of the same rights from the controller. If the data subject believes that the controller is not allowing the exercise of their rights or does not allow the exercise of them in accordance with legal regulations, the data subject may contact the supervisory authority or court listed below.

Addressing the supervisory authority, complaint and request for determination of a violation of rights

If the data subject believes that the processing of data relating to them violates their rights or legal regulations relating to the protection of personal data, the data subject has the right to file a complaint or request for a determination of the violation of rights with the supervisory authority:

Name: Croatian Personal Data Protection Agency – AZOP

Headquarters: Zagreb

Ulica grada Vukovara 54, 10 000 Zagreb
Tel. 00385 (0)1 4609-000

Fax. 00385 (0)1 4609-099

E-mail: azop@azop.hr

www.azop.hr

Right to appeal to court

No appeal is permitted against the decision of the supervisory body deciding on the request for determination of a violation of rights. However, the data subject has the right to initiate an administrative dispute by filing a lawsuit with the administrative court.

What is the basis for providing personal data?

Providing personal data of persons authorized to represent the data subject as well as personal data of the data subject's employees where applicable is a condition for concluding and executing the agreement on provision of services, and without the same data it is not possible to conclude the agreement or use the services provided by Wolfpack Solutions to the full extent.

Automated data processing

The data subject is not subject to a decision based solely on automated data processing, including profiling.

Privacy Policy Changes

The data controller reserves the right to change the Privacy Policy at any time. The Privacy Policy was last modified on January 27, 2025.

WOLFPACK SOLUTIONS