Skip to main content
Back to top

Personal Data Protection Policy

Personal Data Protection Policy

MECODES d.o.o. has adapted its practices to comply with the GDPR, i.e., Regulation (EU) 2016/679 of the European Parliament and Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).

The aim of this Privacy Policy is to describe how we obtain personal data relating to data subjects (customers, citizens). It outlines how personal data are collected and processed, as well as the purposes for which such data are used. This Privacy Policy provides a guideline on the rights of data subjects regarding the collection and further processing of their personal data, with the aim of safeguarding their personal data, i.e., protecting their privacy.

Collecting personal data on the web or by e-mail

Visitors can visit our website without providing their personal data. This means that we do not collect visitor data unless the visitors provide their personal data of their own accord via our official e-mail for the purpose of contacting us or to receive offers. This applies to open job applications and resumes as well. By providing such data, data subjects are giving their implied consent to the collection and processing of their personal data. The data collected will not be made available to unauthorized third persons in any way except as required by law. All data shall be erased when no longer necessary in relation to the purposes for which they have been sent or collected. The amount of data collected by MECODES d.o.o. for which the purpose of processing cannot be explained is minimal.

Consent management

Consents are freely given, informed and unambiguous indications of the wishes of the data subjects (employees) by which they, by a clear affirmative action, signify agreement to the processing of personal data relating to them.

MECODES d.o.o. does most of its business with legal persons and is not required to obtain their consent because the obligation to obtain consent only applies to natural persons and their personal data. However, MECODES d.o.o. obtains consent from its employees. The employees have the right to withdraw their consent at any time.


Cookies are used to improve user experience, make our website function more efficiently, as well as track and analyze interactions and traffic on our website.

If the visitors turn off and/or block cookies, they can still browse our website, but there is a chance that some of its features and functionalities will not be available and access to some website functions may take longer than usual.

Data retention period and data processing timeframe

In some cases, MECODES d.o.o. is required to keep personal data for the period of time specified in the relevant regulations depending on the purpose. If there are no legal provisions on data retention periods, data retention shall be limited to the time necessary in relation to the purposes for which the data have been collected. Erasure of personal data shall be performed after the expiry of the mandatory period of time that MECODES d.o.o. is legally required to keep the relevant personal data or, as mentioned before, personal data shall be deleted when they are no longer necessary in relation to the processing purposes.

Technical and organizational measures

Within our organization, in accordance with the estimated level of risk for personal data, we have implemented a number of technical and organizational data security measures. These measures include office document protection, protection of computer systems, antivirus policies, destruction of data, employee conduct rules, contractual relationships with our external service providers, occasional audits of data privacy management systems, and many other measures.

Data subject (employee) rights

Data subjects are entitled to exercise the following rights at any time:

  • right of access and insight into personal data
  • right to information regarding personal data processing
  • right to data portability
  • right to withdraw consent
  • right to object
  • right to rectification and modification of inaccurate or incomplete personal data
  • right to erasure in case that the personal data are no longer necessary in relation to the purposes for which they were processed, in case of withdrawal of consent or objection to processing

How to exercise your rights

If you want to exercise some above-mentioned rights, please contact our Data Protection Officer at +385 91 578 5880 or by email: