Privacy policy

Please carefully read this Personal Data Processing and Protection Policy and the Terms of Use applicable to the use of the official website of Divjak, Topić, Bahtijarević & Krka Law Firm, www.dtb.hr (hereinafter referred to as: Website). If any provision of the Policy or the Terms is unacceptable to you, please refrain from accessing our Website.

 

In accordance with the General Data Protection Regulation (hereinafter: Regulation) and the General Data Protection Implementation Act, as well as the Legal Profession Act, Divjak, Topić, Bahtijarević & Krka Law Firm LLC from Zagreb, Ivana Lučića 2A (hereinafter referred to as: DTB), on May 17, 2018 issues the following

 

PRIVACY POLICY

Applicable from May 25, 2018

 

Section 1 Policy Application

When and how does this Policy apply to you?

1       This Policy applies to the Processing and Protection of Personal Data of all Data Subjects by DTB as the Data Controller, irrespective of the source of Personal Data or the method of Processing, including the Processing of Personal Data in the ordinary course of operation of DTB, as well as through the official website www.dtb.hr (hereinafter referred to as: Website), the official DTB profile on LinkedIn (hereinafter referred to as: Profile) and any other and/or subsequent forms of DTB’s presence on the internet if referred to in this Policy (hereinafter, individually or jointly referred to as: Internet Pages).

2       This Policy applies to you if you access our Internet Pages or otherwise contact DTB. In addition to this Policy, the Terms of Use of our Website also apply when using the Website. Other than this Policy, the Terms & Conditions apply to all users of our Internet Websites as well. If any provision of the Policy or the Terms of Use is unacceptable to you, please refrain from accessing our Internet Pages, or from contacting DTB in any other manner.

3          In the event of amendments to this Policy, we will inform you in an appropriate manner on the Website and Profile, and the updated Policy shall contain the date of its effectiveness in the header. If any provision of the updated Policy is unacceptable to you, please refrain from accessing our Internet Pages and from otherwise contacting DTB from the date of effectiveness of the updated Policy.

Section 2 Data Controller and Data Protection Officer

Who is responsible for Processing of Personal Data of Data Subjects?

1          DTB is the Data Controller regarding the Processing of your Personal Data within the meaning of Section 1 of this Policy. You are free to contact us via the contact information stated here.

2       With regard to the Processing of specific Personal Data on our Profile, DTB and LinkedIn are considered to be Joint Data Controllers, in particular in the context of promoting, marketing and/or advertising, including targeted advertising and profiling that LinkedIn may perform in accordance with its own policies and terms, especially as set out in LinkedIn’s Privacy Policy, Cookie Policy, User Agreement and Ad Choices. Before accessing our Profile, we recommend carefully reviewing all the applicable LinkedIn rules, especially the Policies and Agreement referred to herein.

3       DTB has appointed a Data Protection Officer whom you may contact in case of any questions, remarks, requests, complaints, or other comments regarding our Processing of your Personal Data, by using contact information provided here.

Section 3 Categories of Data Subjects

Whose Personal Data do we Process?

DTB Processes Personal Data of the following categories of Data Subjects:

(i)         Clients-natural persons, including small businesses, or other forms of individual performance of professional vocations or economic activities;

(ii)        Business Partners-natural persons, including small businesses, or other forms of individual performance of professional vocations or economic activities;

(iii)       legal representatives (e.g. directors) and/or employees in legal entities who are our Business Partners, Clients, or counterparties;

(iv)       Third-Party Individuals, especially:

-           Counterparties-natural persons;

-           proxies of counterparties-natural persons;

-           other participants-natural persons in legal proceedings and other cases;

-           judges and other officers and employees of the courts and other competent governmental authorities;

-           witnesses;

-           court experts;

-           court interpreters;

-           notaries public; and

-           other individuals.

(v)        visitors of our Internet Pages.

Section 4 Obligation to Provide Personal Data

Is the Processing of Personal Data of Data Subjects voluntary or mandated by law? What are the consequences of not providing your Personal Data?

1       Processing of most Personal Data is prescribed by the relevant legal regulations in the field of legal profession, corporate and commercial law, accounting, tax law, etc., and is therefore obligatory, i.e. you are obligated to provide your Personal Data and we are, in turn, obligated to Process such information in accordance with such regulations. If you do not provide us with such obligatory Personal Data, we will not be able to provide you with the necessary legal assistance or conclude other types of business (contractual) relationships or remain in such a business (contractual) relationship.

2       The disclosure and Processing of Personal Data of the Data Subjects may be a contractual obligation of our Client or Business Partner and a necessary condition for regular business communication. In other words, the disclosure of Personal Data by Data Subjects in such cases is related to their employment or other relevant capacity with our Client or Business Partner and their business relationship with us.

3       Providing certain types of Personal Data of Data Subjects may be voluntary for specific Purposes, i.e. the only consequence of non-disclosure would be the inability of the Data Subject to obtain certain benefits which we would otherwise be able to provide on the basis of a voluntary and informed consent which they may withdraw at any time. For example, accessing and using our Internet Pages is voluntary, i.e. it depends solely on the interest and decision of the Data Subject.

Section 5 Sources of Personal Data

From which sources do we collect Personal Data?

1       We primarily collect Personal Data directly from the Data Subject whenever possible.

2       In specific cases, in particular when we are not in direct contact with the Data Subject, e.g. in case of Third-Party Individuals or employees of our Clients and Business partners who are legal persons, we may collect Personal Data indirectly – from the documentation provided to us or from public sources, such as public registries, public books, or other documentation from government authorities, etc.

3       We may also Process certain Personal Data, which was created in the context of, or as a result of providing our legal services with regard to the relevant Data Subject, Client, Business Partner, or Third-Party Individuals.

Section 6 Legal Basis for the Processing of Personal Data

On what legal basis do we Process the Personal Data of Data Subjects?

1          DTB may Process the Personal Data of Data Subjects on any one of the following Legal Bases referred to in Section 6 Paragraph 1 of the Regulation:

(i)         conclusion and performance of legal services contracts (Point (b));

(ii)        fulfillment of legal obligations by DTB (Point (c)). Such Processing may be necessary on the basis of applicable legal regulations, e.g. tax law, commercial/corporate law, criminal law, anti-money laundering laws, etc., including in connection with supervision carried out by competent governmental authorities, as well as in case of legal obligations to provide data;

(iii)       achieving legitimate interests of DTB or third parties (Point (f)), e.g. exercising due diligence in selection of Business Partners, conduct of business and management of Client relations, protection of persons and assets, information on services, etc.;

(iv)       protection of vital interests of the Data Subject or other individual (Point (d)), i.e. where the Processing is necessary for the protection of interests which are essential for the protection of the Data Subjects’ life or the life of another natural person (in the latter case, under the condition that Personal Data Processing cannot be based on a different legal basis), for example for humanitarian purposes, in particular in cases of natural disasters and man-made disasters;

(v)        exceptionally, consent of the Data Subject (Point (a)). If the Data Subject consents to the Processing of his/her Personal Data for one or several other purposes which are not specified in Section 7 of this Policy, he/she may withdraw his/her consent at any time; however, such withdrawal does not affect the lawfulness of the Processing done prior to withdrawal of consent. After withdrawal of consent we shall cease any further Processing of the Data Subject’s Personal Data, if there is no other legal basis than those listed in the foregoing Points (i) – (iv) for the continuation of Processing, and we shall also anonymize, erase, or otherwise permanently destroy collected Personal Data in the time limits referred to in Section 12 of this Policy.

2       Depending on the legal nature of the cases in which we can represent our Clients, in particular in cases of misdemeanor or criminal law, on the Legal Basis referred to in Paragraph 1, Points (i) or (ii) of this Section we can also Process Personal Data with regard to criminal convictions and offences in accordance with Section 10 of the Regulation.

3       Depending on the legal nature of the cases in which we may represent our Clients, we may also Process Special Categories of Personal Data on the respective Legal Basis referred to in Section 9 Paragraph 2 of the Regulation, in conjunction with the corresponding Legal Basis referred to in Section 6 Paragraph 1 of the Regulation described in Paragraph 1 of this Section.

Section 7 Purposes of Processing

For what purposes may we Process the Personal Data of Data Subjects?

1       We can Process the Personal Data of all categories of Data Subjects referred to in Section 3 of this Policy for the following business Purposes:

(i)         performing our professional duties, i.e. providing contracted legal services on the basis of engagement letter, power of attorney and/or the Legal Profession Act, or an applicable decision of a competent authority for the Purpose of providing legal assistance, and especially for the Purpose of initiating and conducting proceedings before competent authorities, including courts, drafting of documentation, general and legal representation, and all for the purposes of protecting our Clients’ rights and legal interests;

(ii)        organizing and managing our business activities, executing business processes, managing our assets, exercise of rights and obligations arising under concluded contracts, including the Purposes of selection of Business Partners and managing Client and Business Partner relationships, issuing and managing payment of invoices, internal analysis, records and reports, prevention, conducting and resolving of disputes, archiving and other similar business Purposes;

(iii)       fulfillment of our legal duties and obligations regarding our professional business activities and the leading of our business ventures, including fulfillment of obligations regarding the Processing and protection of Personal Data and exercising the rights of Data Subjects, e.g. properly maintaining records, communicating with Data Subjects including answering their requests for realization of their rights, delivery of mandatory Personal Data to supervisory and other competent authorities such as the Personal Data Protection Agency, Tax Administration, State Inspector’s Office, etc.;

(iv)       protection of persons and property, including the protection of health, safety and integrity, especially for the Purposes of background checks, control of access to business premises and business IT and communication equipment, networks and systems;

(v)        promotion, marketing and advertising Purposes, including especially the development and upgrading of our services, managing Client and Business Partner relationships, informing Clients of legal novelties important for their cases or business activities, marketing activities via the Internet, primarily managing Internet Pages, etc.

2       We do not Process the Personal Data collected for specific Purposes for any other purposes, except in cases, and under the conditions and in the manner determined by the Regulation and other applicable laws and regulations, primarily if such further processing is consistent with the Purposes for which the Personal Data was initially collected. In particular, the continuation of Processing for archiving purposes in the public interest, scientific or historical research or statistical Purposes is considered compliant lawful processing. We shall promptly inform Data Subjects about such other purposes, as well as their rights, including the right to object.

Section 8 Personal Data Categories

Which types of Personal Data of Data Subjects do we Process?

1          We Process different types of Personal Data depending on the case and the nature of your relationship with DTB, i.e. depending on the category of the Data Subjects and the Purposes of Processing, primarily:

(i)         identification data such as:

-           name and surname, or company name;

-           Personal identification number (PIN) (in Croatian: OIB), Registration number (in Croatian: MBO), ID card number, passport number and other official identifiers;

-           photograph, other data contained in personal ID card, passport and other personal documentation;

-           other identification data contained in public registries or official documentation;

-           network identifiers, including IP address;

(ii)        contact information, such as:

-           address of domicile, residency, habitation, or headquarters;

-           e-mail address;

-           telephone numbers, including private and/or official mobile and/or landline numbers;

(iii)       employment information:

-           employer information;

-           job, i.e. work function, position;

-           business contact information (telephone numbers, e-mail addresses, postal address);

-           business communication information;

(iv)       accounting information such as:

-           name of bank;

-           bank account number (IBAN);

-           type and number of credit card;

-           other banking, transaction and financial information;

(v)        Special Categories of Personal Data:

-           information which reveals racial or ethnic origin;

-           political opinions;

-           religious and philosophical beliefs;

-           trade union membership;

-           genetic data;

-           biometric data;

-           health-related information;

-           sexual orientation information and other information regarding sex life;

(vi)       information regarding the Data Subject’s criminal records, i.e. information regarding criminal verdicts and felonies or related security measures, including information regarding allegations or charges for committing felonies, pending proceedings or convictions;

(vii)      content of communication and documentation, including especially case files, which may include any factors inherent to the physical, physiological, genetic, mental, economic, cultural or social identity of the Data Subject;

(viii)     other Personal Data, e.g. Cookies on our Internet Pages.

2       The review of the data Processed as per categories of Data Subjects and Personal Data and their respective Legal Bases and Purposes of Processing are contained in Section 10 hereof.

Section 9 Cookies

1       When visiting our Website, we may collect specific data, such as your device identifier, type of internet browser you are using, IP address from which you are accessing our Website and other data, via the so-called “Cookies” or other similar technologies for tracing and storing data as well as accessing such data, such as pixels, web-beacons, etc. (hereinafter referred to as: Cookies). In general, Cookies do not contain Personal Data. The following types of Cookies are used on our Website, as per the following categories:

(a)      according to Purpose, i.e. their intended use:

(i)         necessary Cookies, which are essential for the correct functioning of the Website and are used to properly display content available on the Website. This Cookie is stored on your device based on our legitimate interest within the meaning of Section 3 Paragraph 1 Point (iii) of this Policy if you do not disable it in your internet browsing settings. Please note that disabling these Cookies could affect your user experience on our Website, as this would prevent certain functionality;

(ii)        analytical Cookies are used to measure and analyze the use of our Website and help us understand the behavior of our visitors and the use of the Website. To set analytical Cookies, we need your prior consent that you give via banner when accessing the Website and which you are free to withdraw at any time and disable the appropriate option to store Cookies in your internet browser settings. If you disable such Cookies, it will not affect your user experience on our Website;

(b)      by source, i.e. depending on who places Cookies on your device and who has access to them, our Website only uses third-party Cookies that may be placed on your device by third parties, i.e. providers of certain services that we use under the contracts we have in place with them. Access to such Cookies is available to DTB, as well as the third party who set them up and they may be subject to that third party’s privacy and cookies policy;

(c)       by duration, i.e. depending on how long the Cookie remains stored on your device:

(i)         session Cookies are stored on your device during your visit to our Website and are deleted after you close the browser; and

(ii)        temporary Cookies remain on your device even after you leave our Website and close the browser, until such time specified in the cookie itself, upon the expiry of which the Cookie is automatically deactivated.

2       In addition to the necessary Cookies that we use based on our legitimate interests of maintaining and optimizing the Website, we also use the following analytical Cookies for the promotional and marketing purposes with the aim of developing our business:

(i)         Google Analytics, which is used to measure the number of visits to our Website and to analyze visitor behavior on our Website, such as which content is more visited and the like. You may disable these Cookies in your internet browser settings or by downloading this browser add-on that will store a Google Analytics rejection cookie on your device. More information about Google Analytics cookies can be found at this Google Notice and in Google’s Privacy Policy;

(ii)        Leadfeeder Tracker by a Finnish service provider Liidio Oy (Company ID: 2457101-9) which tracks information about companies that visit our Website, including information about the source of visitors, i.e. from where they come to our Website (from which IP address), which internet pages they visit within our Website and how much time they spend on our Website. The services of Leadfeeder Tracker are provided in a way that excludes the processing of Personal Data, since it processes and shows us only visits by corporate visitors. In other words, Leadfeeder Tracker does not collect or disclose to us data about natural persons, i.e. individuals who visit our Website, but all visit data is aggregated at the level of the specific company from which visitors come and is automatically filtered and excludes data of users visiting our Website from residential IP addresses. Leadfeeder Tracker uses Amazon Web Services infrastructure whose servers are located in the US and Ireland. Amazon Web Services Inc. provides a satisfactory level of personal data protection within the meaning of the requirements of the Regulation as it is certified in accordance with Commission’s Implementing Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of protection provided by the EU-US Privacy Shield. More information about the Leadfeeder Tracker services compliance with the Personal Data Processing Regulation is available in Liidio Oy Notice and their Privacy Policy.

3       In regard of our Profile, LinkedIn, as data controller, may use its own cookies, e.g. for the purposes of targeted advertising and profiling, in relation to users of its social network who also follow our Profile. Therefore, prior to accessing our Profile, please carefully review all the applicable LinkedIn policies, particularly the policies and contract referred to in Section 2 Paragraph 2 of this Policy.

4       Depending on the internet browser you use, more information about managing cookies is available at the following links:

-           Internet Explorer;

-           Mozilla Firefox;

-           Google Chrome;

-           Safari;

-           Opera.

5       Overview of Cookies used on the Website within the meaning of Paragraph 2 of this Section, as per their Purpose, duration, and source:

NECESSARY COOKIES

| Name | Description | Duration | Source |
| --- | --- | --- | --- |
| has_js | verifies whether the visitor’s browser enables javascript; used for the proper operation of the website; third-party cookie | 180 minutes | Drupal |

ANALYTICS COOKIES

| Name | Description | Duration | Source |
| --- | --- | --- | --- |
| _ga | anonymously measures the number of visits to the Website; third-party cookie | 2 years | Google (Google Analytics) |
| _gid | anonymously measures the number of visits to the Website; third-party cookie | 24 hours | Google (Google Analytics) |
| _gat_UA-* | anonymously measures the number of visits to the Website; third-party cookie | session | Google (Google Analytics) |
| _lfa | monitors corporate visitors to the Website; third-party cookie | 2 years | Liidio (Leadfeeder Tracker) |

Section 10 Overview of the Data Processed

Which types of Personal Data of Data Subjects do we Process? What is the Legal Basis and what are the Purposes of Processing of the relevant types of Personal Data?

1. Categories of Data Subjects

2. Categories of Personal Data

3. Legal Bases for Processing

4. Purposes of Processing

1         All categories of Data Subjects within the meaning of Section 3 hereof:

-      Identification data within the meaning of Section 8 Paragraph 1 Point (i) hereof;

-      Conclusion and performance of contracts within the meaning of Section 6 Paragraph 1 Point (i) hereof;

-      Fulfilment of legal obligations within the meaning of Section 6 Paragraph 1 Point (ii) hereof;

-      Legitimate interests within the meaning of Section 6 Paragraph 1 Point (iii) hereof;

-      Protection of vital interests within the meaning of Section 6 Paragraph 1 Point (iv) hereof;

-      Provision of contracted legal services within the meaning of Section 7 Paragraph 1 Point (i) hereof;

-      Business organisation and management within the meaning of Section 7 Paragraph 1 Point (ii) hereof;

-      Fulfilment of legal duties and obligations within the meaning of Section 7 Paragraph 1 Point (iii) hereof;

-      Protection of persons and property within the meaning of Section 7 Paragraph 1 Point (iv) hereof.

-      Contact information within the meaning of Section 8 Paragraph 1 Point (ii) hereof;

-      Content of communication and documentation within the meaning of Section 8 Paragraph 1 Point (vii) hereof;

2         Clients and Business Partners within the meaning of Section 3 Points (i) and (ii) and Third-Party Individuals within the meaning of Section 3 Point (iv) Bullet Point 1 or 2 hereof;

In addition to the data referred to in Paragraph 1 of this Section:

-      Conclusion and performance of contracts within the meaning of Section 6 Paragraph 1 Point (i) hereof;

-      Performance of legal obligations within the meaning of Section 6 Paragraph 1 Point (ii) hereof;

-      Legitimate interests within the meaning of Section 6 Paragraph 1 Point (iii) hereof;

-      Provision of contracted legal services within the meaning of Section 7 Paragraph 1 Point (i) hereof;

-      Business organisation and management within the meaning of Section 7 Paragraph 1 Point (ii) hereof;

-      Fulfilment of legal duties and obligations within the meaning of Section 7 Paragraph 1 Point (iii) hereof.

-      Accounting data within the meaning of Section 8 Paragraph 1 Point (iv) hereof;

3         Clients within the meaning of Section 3 Point (i), legal representatives and/or employees within the meaning of Section 3 Point (iii) and Third-Party Individuals within the meaning of Section 3 Point (iv) Bullet Point 1 hereof,

In addition to the data referred to in Paragraph 1 of this Section:

-      Conclusion and performance of contracts within the meaning of Section 6 Paragraph 1 Point (i) hereof;

-      Protection of vital interests within the meaning of Section 6 Paragraph 1 Point (iv) hereof;

-      Provision of contracted legal services within the meaning of Section 7 Paragraph 1 Point (i) hereof.

-      Criminal record data within the meaning of Section 8 Paragraph 1 Point (vi) hereof; and

-      Special categories of Personal Data within the meaning of Section 8 Paragraph 1 Point (v) hereof, based on the corresponding Legal Basis referred to in Section 9 Point 2 of Regulation in conjunction with the corresponding general Legal Basis referred to in column 3 of this Paragraph:

4         Legal representatives and/or employees within the meaning of Section 3 Point (iii) hereof;

In addition to the data referred to in Paragraphs 1 and 3 hereof:

-      Legitimate interests within the meaning of Section 6 Paragraph 1 Point (iii) hereof;

-      consent within the meaning of Section 6 Paragraph 1 Point (v) hereof;

-      provision of contracted legal services within the meaning of Section 7 Paragraph 1 Point (i) hereof;

-      Business organisation and management within the meaning of Section 7 Paragraph 1 Point (ii) hereof;

-      Fulfilment of legal duties and obligations within the meaning of Section 7 Paragraph 1 Point (iii) hereof;

-      promotion, marketing and advertising activities within the meaning of Section 7 Paragraph 1 Point (i) hereof.

-      Employment data within the meaning of Section 8 Paragraph 1 Point (iii) hereof;

5         Website visitors within the meaning of Section 3 Point (v) hereof,

In addition to the data referred to in Paragraph 1 of this Section, also data referred to in Section 9 hereof, especially:

 

-      promotion, marketing and advertising Purposes within the meaning of Section 7 Paragraph 1 Point (i) hereof.

-      Network identifiers, including IP address;

-      Legitimate interest within the meaning of Section 6 Paragraph 1 Point (iii) hereof;

-      necessary Cookie;

-      legitimate interest within the meaning of Section 6 Paragraph 1 Point (iii) hereof;

-      analytics Cookies;

-      consent within the meaning of Section 6 Paragraph 1 Point (v) hereof.

Section 11 Categories of Recipients

With whom may we share Personal Data, or who may have access to Personal Data?

1       We may share your Personal Data with the following categories of recipients, i.e. other data controllers or processors:

(i)         public authorities, e.g. courts and other judicial bodies, administrative authorities, agencies, inspection authorities, etc.;

(ii)        our data processors who Process Personal Data as instructed by and on behalf of DTB in its capacity as Data Controller, such as bookkeeping services providers, providers of IT and communication services, etc.;

(iii)       our Business Partners who process Personal Data in their capacity as data controllers within the scope of services provided to us by them or services which we provide to them, or with whom we otherwise do business, such as Third-Party Individuals, banks, auditors, tax consultants, etc.

2       Some of the recipients referred to in Paragraph 1 of this Section may be located in “third-countries”, i.e. countries outside the European Economic Area, excluding Switzerland, which are not considered to be countries ensuring an adequate level of personal data protection. In case of transferring such Personal Data to such recipients, we will require them to ensure an adequate level of protection by means of contractual and other mechanisms set out in the Regulation, such as standard contractual clauses adopted by the European Commission, etc.

Section 12 Personal Data Retention Periods

How long do we keep your Personal Data? What are the criteria for establishing retention periods with regard to Personal Data?

1       We Process Personal Data of Data Subjects:

(i)         within time limits laid down by law, especially the Legal Profession Act, applicable accounting, tax and other laws and regulations; or

(ii)        if Personal Data retention periods have not been laid down by law, as long as necessary for achieving the Purposes for which they have been collected, unless you demand their destruction prior to the elapse of a certain time limit, in accordance with any of your rights described in Section 14 hereof; whereas,

(iii)       we may retain certain Personal Data, or supporting documentation containing such Personal Data, for a period not exceeding 6 years from the date when the Purposes for which they have been collected have been achieved, for evidentiary Purposes in case of potential subsequent objections, disputes or proceedings.

2       Within the meaning of Paragraph 1 Point (i) of this Section, pursuant to Section 11 Paragraph 2 of the Legal Profession Act, we are obligated to keep files for at least 10 (in words: ten) years following final completion of proceedings where we represented a Client. In light thereof, we Process all Personal Data contained in our case files during representation of a Client, and upon final completion of relevant proceedings, we keep them for the next 10 (in words: ten) years.

If, within the scope of a finally completed case, the following is pending: enforcement proceedings, extraordinary legal remedies proceedings, proceedings for protection of Client’s rights before the Constitutional Court of the Republic of Croatia and/or European Court of Human Rights, etc., then we Process our files and Personal Data contained therein for the duration of such proceedings, whereupon we will retain them for the next 10 (in words: ten) years, counting from the date when all legal remedies aiming at protecting the rights and legal interests of a Client have been exhausted, i.e. from the date when our representation has ended, as appropriate.

3       Within the meaning of Paragraph 1 Point (ii) of this Section, if the Client provided us with certain documents, such as agreements, testaments, etc., such documents and the Personal Data contained therein shall be retained by us based on Client’s instructions, until their return to the Client.

4       Upon the elapse of the relevant retention period, we will destroy the Personal Data or anonymize them if necessary, and if appropriate conditions therefor have been met. Anonymized data are no longer considered to be Personal Data since it is not possible to identify an individual based on such data.

Section 13 Safety and Confidentiality

How do we protect Personal Data against breach?

1       We implement appropriate technical and organisational measures for protecting Personal Data from misuse or accidental, unlawful or unauthorized destruction, loss, modification, disclosure, acquisition or access (hereinafter referred to as: Data Breach), in accordance with applicable laws and regulations and accepted data privacy and safety technical standards, including:

(i)         restriction of access to Personal Data only to our employees and other authorized persons, to the extent this is necessary for performance of their job for the purpose of achieving relevant Purposes set out in Section 7 hereof;

(ii)        physical protection and supervision of access to our premises where the Personal Data are Processed;

(iii)       protection of our IT and communication equipment, systems, and networks.

2       Pursuant to Section 13 of the Legal Profession Act and Sections 26 – 34 of the Attorneys’ Code of Ethics, DTB must keep legally privileged all information disclosed by a Client or otherwise found out within the scope of representation of a Client, whereas the legal profession privilege obligation applies to both our current and former employees. In all other cases we keep Personal Data legally privileged.

Section 14 Rights of Data Subjects

What are the rights of a Data Subject in connection with our Processing of Personal Data?

1       You have the following rights relating to our Processing of your Personal Data:

(i)         right to access your Personal Data, i.e. the right to obtain from us confirmation as to whether or not Personal Data concerning you are being processed, and if such Personal Data are being Processed, the right to access your Personal Data, including the right to obtain a copy of Personal Data being Processed;

(ii)        right to rectification or update of incorrect Personal Data concerning you without undue delay, including by means of providing an additional statement;

(iii)       right to erasure of Personal Data concerning you, especially if:

-           they are no longer necessary in relation to the Purposes for which they are collected or otherwise Processed;

-           they have been unlawfully processed;

-           you withdraw, fully or partially, consent which you gave us for the Processing of your Personal Data for the determined Purposes and if there is no other legal basis for Processing; or

-           they must be erased for compliance with a legal obligation pursuant to the applicable laws and regulations;

(iv)       right to restriction of Processing in the following cases:

-           if you contest the accuracy of your Personal Data, for a period enabling us to verify the accuracy of Personal Data;

-           if the Processing is unlawful, but you oppose the erasure of your Personal Data and request the restriction of their use instead;

-           if we no longer need the Personal Data for the purposes of the Processing, but you require them for the establishment, exercise, or defence of legal claims; or

-           if you objected to the Processing of your Personal Data which we Process based on legitimate interests, pending the verification whether our legitimate grounds override your personal interests;

(v)        if we Process certain of your Personal Data based on consent, you have the right to withdraw your consent at any time; however, this shall not affect the lawfulness of Processing based on consent before its withdrawal;

(vi)       you have the right to object at any time to the Processing of your Personal Data for the purposes of direct marketing, including the prohibition of profiling to the extent this is related to such direct marketing.

2       Should you want to exercise some of the foregoing rights or should you have any other questions, remarks or requests pertaining to our Processing of your Personal Data, please contact us at: privacy@dtb.hr.

3       We will reply no later than within one month from the date of receipt of your request or query and will inform you about the actions taken or reasons for which we are unable to comply with your request. In case of numerous requests or complexity of your request, we may extend the foregoing deadline for an additional two months and will inform you about the reasons for such extension.

4       If your request is evidently unjustified or excessive, including in the event of frequent submission of requests, we may charge a reasonable fee due to administrative costs or we may refuse to comply with the request.

5       You have the right to lodge a complaint regarding our Processing of your Personal Data to the Croatian Personal Data Protection Agency, Zagreb, Selska cesta 136 (www.azop.hr).