The data protection rules are based on six core commitments:

• Privacy Respect - Dinamo respects user privacy and choices, monitoring impacts on privacy and security.
• Limited Data Use - Personal data is used only for stated purposes with user notification. Promotional materials are sent only if requested, with the right to withdraw consent at any time.
• Non-Commercial Sharing - Data is never sold or offered to third parties; only trusted partners with equivalent protections access information.
• Security Obligation - The club partners exclusively with reliable entities for data protection.
• Transparent Operation - Personal data usage follows open, transparent principles.
• User Rights - Dinamo respects user rights and fulfills requests within legal and operational constraints.

GNK Dinamo

Maksimirska 128, 10000 Zagreb, Croatia

Tax ID: 93376857458

Website: www.gnkdinamo.hr

Personal data comprises information enabling direct identification (name) or indirect identification with reasonable effort. Examples include email addresses, home addresses, phone numbers, usernames, profile pictures, personal preferences, IP addresses, MAC addresses, and cookies.

Dinamo collects data through websites, forms, applications, and product sales. Data is obtained directly from users, through cookie technology, or from third parties.

Mandatory vs. Optional Fields

Required fields (marked with asterisks) are necessary for:

• Contract execution (product delivery)
• Service provision (newsletter delivery)
• Legal compliance (invoice issuance)

Account Creation and Management

Data Collected: Name, surname, gender, birth date, email, home/delivery address, phone number, username, social media reference point.

Purposes: Order fulfillment, contest/survey participation, user communication.

Legal Basis: Contract necessity or pre-contract actions.

Newsletter and Promotional Content Subscription

Data Collected: Name, surname, birth date, contact source/referral.

Purpose: Promotional offer delivery (consent-based).

Legal Basis: User consent.

Purchase and Order Management

Data Collected: Name, surname, birth date, email, home/delivery address, phone, contact source, purchase and payment information.

Purposes: Order fulfillment, delivery coordination, product availability notification, payment processing.

Legal Basis: Contract necessity.

Promotional Activities and Contests

Data Collected: Name, surname, birth date, gender, email, phone, home/delivery address, contact source, user-generated content (videos, photos, competition results, comments).

Purposes: Contest administration, eligibility verification, archival and statistical uses.

Legal Basis: Contract necessity; Legitimate interests for statistical purposes.

User-Generated Content

Data Collected: Name/pseudonym, email, photo, personal description/preferences, social media profile, user-shared information (reviews, photos).

Purposes: Content publication per agreed terms; product promotion.

Legal Basis: User consent.

Inquiry and Support Requests

Data Collected: Name, surname, birth date, email, home/delivery address, phone, contact source.

Purpose: Request response and inquiry handling.

Legal Basis: Contract necessity; Official authority execution.

Cookies are small text files stored in device memory by browsers. They retain information (language, page settings) for transmission during subsequent visits.

Dinamo uses two categories:

• Functional cookies - Essential for website operation
• Additional cookies - Analytics and marketing purposes

Additional cookies require prior user consent via notification upon first visit. Users may disable cookies via browser settings, though functionality may be reduced.

Google Analytics

Dinamo employs Google Analytics (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google analyzes website usage on Dinamo's behalf. Information about website usage (origin URL, visited pages, browser type, language settings, operating system, display resolution) transfers to Google's U.S. servers for storage and analysis.

Results are provided anonymously; data remains unlinked to full IP addresses. Google maintains EU-U.S. Privacy Shield certification, ensuring appropriate data protection standards.

Google Remarketing

Google Remarketing (operated by Google Inc.) displays targeted advertisements to previous website visitors across Google's network and partner sites based on user interests.

Remarketing places a cookie on user systems, enabling recognition of previous visitors who then see Dinamo advertisements on Google or affiliated websites while browsing related content.

Facebook Pixel

Dinamo uses Facebook Pixel to display personalized content and enhance user experience. Facebook Pixel enables understanding of website usage and ad targeting to interested users.

With each visit to integrated websites, the web browser automatically identifies itself with Facebook, transmitting personal data including IP addresses and browsing behavior for targeted advertising.

Dinamo's website occasionally contains links to partner and social media websites. These sites have independent privacy policies; Dinamo bears no responsibility for them. Users should review external policies before sharing personal data.

Social login options share profile data based on platform settings. Users should review social platform privacy policies to understand data sharing implications.

User-generated content on Dinamo's social platforms is publicly accessible. Exercise caution when sharing sensitive personal information such as financial details or address information, as Dinamo holds no responsibility for third-party actions regarding posted data.

Third parties access personal data only with explicit user consent. When consent is granted, third-party data controllers process information according to their own terms, conditions, and privacy rules. Users should review third-party policies before consenting.

Dinamo entrusts specific business tasks to third parties as data processors for stated purposes. Data sharing remains minimally necessary for task completion.

Third-Party Service Providers

Dinamo may share data with:

• Delivery Partners - Postal and delivery services
• Technical Support Providers - Platform providers, server hosting, database maintenance and support, software and application providers potentially containing personal data
• Payment Services - Payment processors and credit agencies for creditworthiness assessment and verification
• Marketing Partners - Advertising, marketing, digital advertising, and social media advertising agencies assisting with campaign execution, effectiveness analysis, and contact management

Dinamo stores collected data on its own servers or third-party service provider servers. Data may transfer outside the European Economic Area (EEA) and be accessed or stored there.

Dinamo transfers personal data outside the EEA only securely and legally. Since some countries lack comprehensive data protection laws, Dinamo implements necessary measures ensuring third parties comply with policy obligations.

Retention Periods

Personal data is retained only as long as necessary for stated purposes, user needs, or legal obligations.

Retention criteria include:

• Purchases - Duration of contractual relationship plus five years post-purchase
• Promotional Activities - Contest/survey duration plus one year maximum
• Inquiries - Processing duration plus three years maximum
• User Accounts - Until deletion request or site closure
• Direct Marketing - Until subscription cancellation or deletion request
• Cookies - Duration serving their purpose or as legally required
• Legal Obligations - Retention for legal/regulatory compliance and rights management
• Statistical Data - Retention for records and analytics

When personal data is no longer needed, Dinamo removes it from systems and archives or anonymizes it preventing user identification.

Dinamo is obligated to protect personal data and implement necessary measures ensuring protection. Third parties processing personal data are contractually bound to identical protection standards.

Dinamo implements rigorous procedures and security features preventing unauthorized access. Internet data transmission is not completely secure, so Dinamo cannot guarantee security for data sent to the website. Users assume transmission risks.

GNK Dinamo respects user privacy rights, enabling personal data management. Users possess the following rights:

• Right to Data Access - Users may obtain personal data collected about them.
• Right to Data Correction - Users may correct inaccurate personal data.
• Right to Erasure ("Right to Forget") - Users may request deletion of all data subject to conditions outlined in Article 17 of the General Data Protection Regulation.
• Right to Marketing Cessation - Users may withdraw consent for direct marketing use of personal data.
• Right to Automated Decision-Making Control - Users possess the right to independent determination regarding automated processing-based personal data.
• Right to File Complaints - Users may lodge complaints with the supervisory agency (Personal Data Protection Agency, Selska cesta 136, Zagreb) if processing violates General Data Protection Regulation requirements.

Dinamo may request identity confirmation for request processing.

Dinamo periodically updates its Privacy Rules. Updates are published on the website. Amendments become effective upon publication. Users are advised to regularly visit the site for potential updates.