  • PRIVACY POLICY

    Please carefully read this Personal Data Processing and Protection Policy and the Terms of Use applicable to the use of the website of Divjak, Topić, Bahtijarević & Krka Law Firm LLC www.dtb.hr (“Website”). If any provision of this Policy or the Terms of Use is unacceptable to you, please refrain from accessing our Website.

    This is to inform you that we have updated our Privacy Policy which will apply from 1 February 2022. The amendments refer to the provisions on Cookies. Kindly note that we have removed analytical Cookies and now our Website uses only essential technical Cookies.

    Subject to the General Data Protection Regulation (“Regulation”) and the General Data Protection Implementation Act, as well as the Legal Profession Act, on 24 January 2022 Divjak, Topić, Bahtijarević & Krka Law Firm LLC from Zagreb, Ivana Lučića 2A (“DTB”) adopted the following

    PRIVACY POLICY

    Applicable from 1 February 2022

    POLICY APPLICATION

    1       This Policy applies to the Processing and protection of the Personal Data of all Data Subjects by DTB as the Data Controller, irrespective of the source of the Personal Data or the method of Processing, including the Processing of Personal Data in the ordinary course of operation of DTB, as well as through DTB’s website www.dtb.hr (“Website”), DTB’s profile on LinkedIn (“Profile”) and any other and/or subsequent forms of DTB’s presence on the Internet where it contains a reference to this Policy (“Internet Page/s”).

    2       This Policy applies to you if you access our Internet Pages or otherwise contact DTB. In addition to this Policy, the Terms of Use of our Website also apply when using the Website. Other than this Policy, the Terms & Conditions apply to all users of our Internet Websites as well. If any provision of the Policy or the Terms of Use is unacceptable to you, please refrain from accessing our Internet Pages, or from contacting DTB in any other manner.

    3          In the event of amendments to this Policy, we will inform you in an appropriate manner on the Website and Profile, and the updated Policy shall contain the date of its effectiveness in the header. If any provision of the updated Policy is unacceptable to you, please refrain from accessing our Internet Pages and from otherwise contacting DTB from the date of effectiveness of the updated Policy.

    4       Capitalized terms shall have the meaning specified in the Glossary at the end of this Policy.

     

    DATA CONTROLLER AND DATA PROTECTION OFFICER

    1       DTB is the Data Controller regarding the Processing of your Personal Data within the meaning of Section 1 of this Policy. You are free to contact us via the contact information stated here.

    2       With regard to the Processing of specific Personal Data on our Profile, DTB and LinkedIn may be considered Joint Data Controllers, in particular in the context of promoting, marketing and/or advertising, including targeted advertising and Profiling that LinkedIn may perform in accordance with its own policies and terms, especially as set out in LinkedIn’s Privacy Policy, Cookie Policy, User Agreement and Ad Choices. Before accessing our Profile, we recommend carefully reviewing all the applicable LinkedIn rules, especially the Policies and Agreement referred to herein.

    3       DTB has appointed a Data Protection Officer whom you may contact in case of any questions, remarks, requests, complaints, or other comments regarding our Processing of your Personal Data, by using contact information provided here.

    CATEGORIES OF DATA SUBJECTS

    DTB Processes Personal Data of the following categories of Data Subjects:

    • Clients – natural persons, including small businesses, or other forms of individual performance of professional vocations or economic activities;
    • Business Partners – natural persons, including small businesses, or other forms of individual performance of professional vocations or economic activities;
    • legal representatives (e.g. directors) and/or Employees in legal entities who are our Business Partners, Clients, or Counterparties;
    • Third-Party Individuals, especially:
    • Counterparties – natural persons;
    • proxies of Counterparties – natural persons;
    • other participants – natural persons in legal proceedings and other cases;
    • judges and other officers and employees of the courts and other competent governmental authorities;
    • witnesses;
    • court experts;
    • court interpreters;
    • notaries public; and
    • other individuals.
    • visitors of our Internet Pages.

    OBLIGATION TO PROVIDE PERSONAL DATA

    1       Processing of most Personal Data is prescribed by the relevant legal regulations in the field of legal profession, corporate and commercial law, accounting, tax law, etc., and is therefore obligatory, i.e. you are obligated to provide your Personal Data and we are, in turn, obligated to Process such information in accordance with such regulations. If you do not provide us with such obligatory Personal Data, we will not be able to provide you with the necessary legal assistance or conclude other types of business (contractual) relationships or remain in such a business (contractual) relationship.

    2       The disclosure and Processing of Personal Data of the Data Subjects may be a contractual obligation of our Client or Business Partner and a necessary condition for regular business communication. In other words, the disclosure of Personal Data by Data Subjects in such cases is related to their employment or other relevant capacity with our Client or Business Partner and their business relationship with us.

    3       Providing certain types of Personal Data of Data Subjects for specific Purposes may be voluntary, on the basis of a voluntary and informed Consent which the Data Subject may withdraw at any time, i.e. failure to provide such Personal Data would not have any adverse consequences for the Data Subject.

    SOURCES OF PERSONAL DATA

    1          We primarily collect Personal Data directly from Data Subjects whenever possible.

    2       In specific cases, in particular when we are not in direct contact with the Data Subject, e.g. in case of Third-Party Individuals or Employees of our Clients and Business Partners who are legal persons, we may collect Personal Data indirectly – from the documentation provided to us or from public sources, such as public registries, public books, or other documentation from government authorities, etc.

    3       We may also Process certain Personal Data, which was created in the context of, or as a result of providing our legal services with regard to the relevant Data Subject, Client, Business Partner, or Third-Party Individuals.

    LEGAL BASIS FOR PROCESSING OF PERSONAL DATA

    1          DTB may Process the Personal Data of Data Subjects on any one of the following Legal Bases referred to in Section 6 Paragraph 1 of the Regulation:

    • conclusion and performance of legal services contracts (Point (b));
    • fulfillment of legal obligations by DTB (Point (c)). Such Processing may be necessary on the basis of applicable legal regulations, e.g. tax law, commercial/corporate law, criminal law, anti-money laundering laws, etc., including in connection with supervision carried out by competent governmental authorities, as well as in case of legal obligations to provide data;
    • achieving legitimate interests of DTB or third parties (Point (f)), e.g. exercising due diligence in selection of Business Partners, conduct of business and management of Client relations, protection of persons and assets, information on services, etc.;
    • protection of vital interests of the Data Subject or other individual (Point (d)), i.e. where the Processing is necessary for the protection of interests which are essential for the protection of the Data Subjects’ life or the life of another natural person (in the latter case, under the condition that Personal Data Processing cannot be based on a different legal basis), for example for humanitarian purposes, in particular in cases of natural disasters and man-made disasters;
    • exceptionally, Consent of the Data Subject (Point (a)). If the Data Subject gives his/her Consent to the Processing of his/her Personal Data for one or several Purposes, he/she may withdraw his/her Consent at any time; however, such withdrawal does not affect the lawfulness of the Processing done prior to withdrawal of the Consent. After the withdrawal of the Consent we shall cease any further Processing of the Data Subject’s Personal Data, if there is no other Legal Basis than those listed in the foregoing Points (i) – (iv) for the continuation of Processing, and we shall also Anonymize, erase, or otherwise permanently destroy collected Personal Data in the time limits referred to in Section 12 of this Policy.

    2       Depending on the legal nature of the cases in which we can represent our Clients, in particular in cases of misdemeanor or criminal law, on the Legal Basis referred to in Paragraph 1, Points (i) or (ii) of this Section we can also Process Personal Data on Criminal Record in accordance with Section 10 of the Regulation.

    3       Depending on the legal nature of the cases in which we may represent our Clients, we may also Process Special Categories of Personal Data on the respective Legal Basis referred to in Section 9 Paragraph 2 of the Regulation, in conjunction with the corresponding Legal Basis referred to in Section 6 Paragraph 1 of the Regulation described in Paragraph 1 of this Section.

    PURPOSES OF PROCESSING

    1       We can Process the Personal Data of all categories of Data Subjects referred to in Section 3 of this Policy for the following business Purposes:

    • performing our professional duties, i.e. providing contracted legal services on the basis of engagement letter, power of attorney and/or the Legal Profession Act, or an applicable decision of a competent authority for the Purpose of providing legal assistance, and especially for the Purpose of initiating and conducting proceedings before competent authorities, including courts, drafting of documentation, general and legal representation, and all for the purposes of protecting our Clients’ rights and legal interests;
    • organizing and managing our business activities, executing business processes, managing our assets, exercise of rights and obligations arising under concluded contracts, including the Purposes of selection of Business Partners and managing Client and Business Partner relationships, issuing and managing payment of invoices, internal analysis, records and reports, prevention, conducting and resolving of disputes, archiving and other similar business Purposes;
    • fulfillment of our legal duties and obligations regarding our professional business activities and the leading of our business ventures, including fulfillment of obligations regarding the Processing and protection of Personal Data and exercising the rights of Data Subjects, e.g. properly maintaining records, communicating with Data Subjects including answering their requests for realization of their rights, delivery of mandatory Personal Data to supervisory and other competent authorities such as AZOP, Tax Administration, State Inspector’s Office, etc.;
    • protection of persons and property, including the protection of health, safety and integrity, especially for the Purposes of background checks, control of access to business premises and business IT and communication equipment, networks and systems;
    • promotion, marketing and advertising Purposes, including especially the development and upgrading of our services, managing Client and Business Partner relationships, informing Clients of legal novelties important for their cases or business activities, marketing activities via the Internet, primarily managing Internet Pages, etc.

    2       We do not Process Personal Data collected for specific Purposes for any other purposes, except in cases, and under the conditions and in the manner determined by the Regulation and other applicable laws and regulations, primarily if such further Processing is consistent with the Purposes for which the Personal Data was initially collected. In particular, the continuation of Processing for archiving purposes in the public interest, scientific or historical research or statistical Purposes is considered compliant lawful processing. We shall promptly inform Data Subjects about such other purposes, as well as their rights, including the right to object.

    PERSONAL DATA CATEGORIES

    1          We Process different types of Personal Data depending on the case and the nature of your relationship with DTB, i.e. depending on the category of Data Subjects and Purposes of Processing, primarily:

    • identification data such as:
    • name and surname, or company name;
    • Personal identification number (PIN) (in Croatian: OIB), Registration number (In Croatian: MBO), ID card number, passport number and other official identifiers;
    • photograph, other data contained in personal ID card, passport and other personal documentation;
    • other identification data contained in public registries or official documentation;
    • network identifiers, including IP address;
    • contact information, such as:
    • address of domicile, residency, habitation, or headquarters;
    • e-mail address;
    • telephone numbers, including private and/or official mobile and/or landline numbers;
    • employment information:
    • employer information;
    • job, i.e. work function, position;
    • information on working hours;
    • business contact information (telephone numbers, e-mail addresses, postal address);
    • business communication information;
    • accounting information such as:
    • name of bank;
    • bank account number (IBAN);
    • type and number of credit card;
    • other banking, transaction and financial information;
    • Special Categories of Personal Data revealing:
    • racial or ethnic origin;
    • political opinions;
    • religious and philosophical beliefs;
    • trade union membership;
    • genetic or biometric data for the Purpose of uniquely identifying an individual;
    • health-related information; and
    • sexual orientation information and other information regarding sex life;
    • Personal Data on Criminal Record of Data Subjects, i.e. data concerning criminal convictions and offences or related security measures, including data concerning allegations or charges for committing criminal offences, pending proceedings or convictions;
    • content of communication and documentation, including especially case files, which may include any factors inherent to the physical, physiological, genetic, mental, economic, cultural or social identity of Data Subjects;
    • other Personal Data, e.g. Cookies on our Internet Pages.

    2          The review of the subject matter of Processing as per categories of Data Subjects and Personal Data and their respective Legal Bases and Purposes of Processing are contained in Section 10 hereof.

    COOKIES

    1       When visiting our Website, we may collect specific data, such as your device identifier, type of internet browser you are using, IP address from which you are accessing our Website, your choice of language on our Website, the fact that you have reviewed the cookie notice, and other data, via the so-called “Cookies” or other similar technologies for tracing and storing data as well as accessing such data, such as pixels, web-beacons, etc. (“Cookies”). Our Website uses only technical Cookies necessary for its proper functioning, which are placed by the WordPress computer program used to develop our Website. These Cookies are used to properly display the content available on the Website. Essential technical Cookies are stored on your device based on our legitimate interest within the meaning of Section 3, Paragraph 1, Point (iii) hereof unless you have disabled the option to store Cookies in your internet browser settings. At the same time, please note that the disabling of essential technical Cookies in your browser settings could affect your user experience on our Website as it would also disable certain Website functionalities, such as language settings you have chosen.

    These are the so-called First-party Cookies, i.e. the Cookies stored on your device and accessed by our Website that you have visited.

    With respect to duration, i.e. depending on how long a Cookie remains stored on your device, there are:

    • session Cookies which are stored on your device during your visit to our Website and are deleted after you close the browser; and
    • temporary Cookies which remain on your device even after you leave our Website and close the browser, until such time specified in the Cookie itself, upon the expiry of which the Cookie is automatically deactivated.

    2       In regard of our Profile, LinkedIn, as data controller, may use its own Cookies, e.g. for the purposes of targeted advertising and Profiling, in relation to users of its social network who also follow our Profile. Therefore, prior to accessing our Profile, please carefully review all the applicable LinkedIn policies, particularly the policies and contract referred to in Section 2 Paragraph 2 of this Policy.

    3       Depending on the internet browser you use, more information about managing cookies is available at the following links:

    OVERVIEW OF DATA PROCESSED

    1          Categories of Data Subjects (column 1): All categories of Data Subjects within the meaning of Section 3 hereof;

    Categories of Personal Data (column 2):
    –      Identification data within the meaning of Section 8 Paragraph 1 Point (i) hereof;
    –      Contact information within the meaning of Section 8 Paragraph 1 Point (ii) hereof;
    –      Content of communication and documentation within the meaning of Section 8 Paragraph 1 Point (vii) hereof;

    Legal Bases for Processing (column 3):
    –      Conclusion and performance of contracts within the meaning of Section 6 Paragraph 1 Point (i) hereof;
    –      Fulfilment of legal obligations within the meaning of Section 6 Paragraph 1 Point (ii) hereof;
    –      Legitimate interests within the meaning of Section 6 Paragraph 1 Point (iii) hereof;
    –      Protection of vital interests within the meaning of Section 6 Paragraph 1 Point (iv) hereof;

    Purposes of Processing (column 4):
    –      Provision of contracted legal services within the meaning of Section 7 Paragraph 1 Point (i) hereof;
    –      Business organisation and management within the meaning of Section 7 Paragraph 1 Point (ii) hereof;
    –      Fulfilment of legal duties and obligations within the meaning of Section 7 Point 1 Point (iii) hereof;
    –      Protection of persons and property within the meaning of Section 7 Paragraph 1 Point (iv) hereof.

    2          Categories of Data Subjects (column 1): Clients and Business Partners within the meaning of Section 3 Points (i) and (ii) and Third-Party Individuals within the meaning of Section 3 Point (iv) Bullet Point 1 or 2 hereof;

    Categories of Personal Data (column 2): In addition to the data referred to in Paragraph 1 of this Section:
    –      Accounting data within the meaning of Section 8 Paragraph 1 Point (iv) hereof;

    Legal Bases for Processing (column 3):
    –      Conclusion and performance of contracts within the meaning of Section 6 Paragraph 1 Point (i) hereof;
    –      Performance of legal obligations within the meaning of Section 6 Paragraph 1 Point (ii) hereof;
    –      Legitimate interests within the meaning of Section 6 Paragraph 1 Point (iii) hereof;

    Purposes of Processing (column 4):
    –      Provision of contracted legal services within the meaning of Section 7 Paragraph 1 Point (i) hereof;
    –      Business organisation and management within the meaning of Section 7 Paragraph 1 Point (ii) hereof;
    –      Fulfilment of legal duties and obligations within the meaning of Section 7 Paragraph 1 Point (iii) hereof.

    3          Categories of Data Subjects (column 1): Clients within the meaning of Section 3 Point (i), legal representatives and/or Employees within the meaning of Section 3 Point (iii) and Third-Party Individuals within the meaning of Section 3 Point (iv) Bullet Point 1 hereof;

    Categories of Personal Data (column 2): In addition to the data referred to in Paragraph 1 of this Section:
    –      Personal Data on Criminal Record within the meaning of Section 8 Paragraph 1 Point (vi) hereof; and
    –      Special Categories of Personal Data within the meaning of Section 8 Paragraph 1 Point (v) hereof, based on the corresponding Legal Basis referred to in Section 9 Point 2 of Regulation in conjunction with the corresponding general Legal Basis referred to in column 3 of this Paragraph;

    Legal Bases for Processing (column 3):
    –      Conclusion and performance of contracts within the meaning of Section 6 Paragraph 1 Point (i) hereof;
    –      Protection of vital interests within the meaning of Section 6 Paragraph 1 Point (iv) hereof;

    Purposes of Processing (column 4):
    –      Provision of contracted legal services within the meaning of Section 7 Paragraph 1 Point (i) hereof.

    4          Categories of Data Subjects (column 1): Legal representatives and/or Employees within the meaning of Section 3 Point (iii) hereof;

    Categories of Personal Data (column 2): In addition to the data referred to in Paragraphs 1 and 3 hereof:
    –      Employment data within the meaning of Section 8 Paragraph 1 Point (iii) hereof;

    Legal Bases for Processing (column 3):
    –      Legitimate interests within the meaning of Section 6 Paragraph 1 Point (iii) hereof;
    –      Consent within the meaning of Section 6 Paragraph 1 Point (v) hereof;

    Purposes of Processing (column 4):
    –      Provision of contracted legal services within the meaning of Section 7 Paragraph 1 Point (i) hereof;
    –      Business organisation and management within the meaning of Section 7 Paragraph 1 Point (ii) hereof;
    –      Fulfilment of legal duties and obligations within the meaning of Section 7 Paragraph 1 Point (iii) hereof;
    –      Promotion, marketing and advertising activities within the meaning of Section 7 Paragraph 1 Point (i) hereof.

    5          Categories of Data Subjects (column 1): Visitors of Internet Pages within the meaning of Section 3 Point (v) hereof;

    Categories of Personal Data (column 2): In addition to the data referred to in Paragraph 1 of this Section, also data referred to in Section 9 hereof, via essential technical Cookies, in particular:
    –      network identifiers, including IP address;
    –      the settings you select on our Website;

    Legal Bases for Processing (column 3):
    –      The legitimate interest within the meaning of Section 6 Paragraph 1 Point (iii) hereof;

    Purposes of Processing (column 4):
    –      Promotion, marketing and advertising Purposes within the meaning of Section 7 Paragraph 1 Point (i) hereof.

    CATEGORIES OF RECIPIENTS

    1       We may share your Personal Data with the following categories of Recipients, i.e. other Data Controllers or Data Processors:

    • public authorities, e.g. courts and other judicial bodies, administrative authorities, agencies, inspection authorities, etc.;
    • our Data Processors who Process Personal Data as instructed by and on behalf of DTB in its capacity as the Data Controller, such as bookkeeping services providers, providers of IT and communication services, etc.;
    • our Business Partners who process Personal Data in their capacity as Data Controllers within the scope of services provided to us by them or services which we provide to them, or with whom we otherwise do business, such as Third-Party Individuals, banks, auditors, tax consultants, etc.

    2       Some of the Recipients referred to in Paragraph 1 of this Section may be located in “third-countries”, i.e. countries outside the European Economic Area, which are not considered to be countries ensuring adequate level of personal data protection. In case of transferring Personal Data to such Recipients, we will require them to ensure adequate level of protection by means of contractual and other mechanisms set out in the Regulation, such as standard contractual clauses adopted by the European Commission, etc.

    PERSONAL DATA RETENTION PERIODS

    1       We Process Personal Data of Data Subjects:

    • within time limits laid down by law, especially Legal Profession Act, applicable accounting, tax and other laws and regulations; or
    • if Personal Data retention periods have not been laid down by law, as long as it is necessary for achieving the Purposes for which they have been collected, unless you demand their destruction prior to the elapse of a certain time limit, in accordance with any of your rights described in Section 14 hereof; whereas,
    • we may retain certain Personal Data, or supporting documentation containing such Personal Data, for a period not exceeding 6 (in words: six) years from the date when the Purposes for which they have been collected have been achieved, for evidentiary Purposes in case of potential subsequent objections, disputes or proceedings.

    2       Within the meaning of Paragraph 1 Point (i) of this Section, pursuant to Section 11 Paragraph 2 of the Legal Profession Act, we are obligated to keep files for at least 10 (in words: ten) years following final completion of proceedings where we represented a Client. In light thereof, we Process all Personal Data contained in our case files during representation of a Client, and upon final completion of relevant proceedings, we keep them for the next 10 (in words: ten) years.

    If, within the scope of a finally completed case, the following is pending: enforcement proceedings, extraordinary legal remedies proceedings, proceedings for protection of Client’s rights before the Constitutional Court of the Republic of Croatia and/or European Court of Human Rights, etc., then we Process our files and Personal Data contained therein for the duration of such proceedings, whereupon we will retain them for the next 10 (in words: ten) years, counting from the date when all legal remedies aiming at protecting the rights and legal interests of a Client have been exhausted, i.e. from the date when our representation has ended, as appropriate.

    3       Within the meaning of Paragraph 1 Point (ii) of this Section, if the Client provided us with certain documents, such as agreements, testaments, etc., such documents and Personal Data contained therein shall be retained by us based on Client’s instructions, until their return to the Client.

    4       Upon the elapse of the relevant retention period, we will destroy Personal Data or Anonymize them if necessary, and if appropriate conditions therefore have been met. Anonymized data are no longer considered to be Personal Data since it is not possible to identify an individual based on such data.

    SAFETY AND CONFIDENTIALITY

    1       We implement appropriate technical and organisational measures for protecting Personal Data from misuse or accidental, unlawful or unauthorized destruction, loss, modification, disclosure, acquisition or access (“Data Breach”), in accordance with applicable laws and regulations and accepted data privacy and safety technical standards, including:

    • restriction of access to Personal Data only to our Employees and other authorized persons, to the extent this is necessary for performance of their job for the purpose of achieving relevant Purposes set out in Section 7 hereof;
    • physical protection and supervision of access to our premises where the Personal Data are Processed;
    • protection of our IT and communication equipment, systems, and networks.

    2       Pursuant to Section 13 of the Legal Profession Act and Sections 26 – 34 of the Attorneys’ Code of Ethics, DTB must keep legally privileged all information disclosed by a Client or otherwise found out within the scope of representation of a Client, whereas the legal profession privilege obligation applies to both our current and former Employees. In all other cases we keep Personal Data legally privileged.

    RIGHTS OF DATA SUBJECTS

    1       You have the following rights relating to our Processing of your Personal Data:

    • right to access your Personal Data, i.e. the right to obtain from us confirmation as to whether or not Personal Data concerning you are being Processed, and if such Personal Data are being Processed, the right to access your Personal Data, including the right to obtain a copy of Personal Data being Processed;
    • right to rectification or update of incorrect Personal Data concerning you without undue delay, including by means of providing an additional statement;
    • right to erasure of Personal Data concerning you, especially if:
    • they are no longer necessary in relation to the Purposes for which they are collected or otherwise Processed;
    • they have been unlawfully Processed;
    • you withdraw, fully or partially, Consent which you gave us for the Processing of your Personal Data for the determined Purposes and if there is no other Legal Basis for the Processing; or
    • they must be erased for compliance with a legal obligation pursuant to the applicable laws and regulations;
    • right to restriction of Processing in the following cases:
    • if you contest the accuracy of your Personal Data, for a period enabling us to verify the accuracy of Personal Data;
    • if the Processing is unlawful, but you oppose the erasure of your Personal Data and request the restriction of their use instead;
    • if we no longer need Personal Data for the purposes of the Processing, but you require them for the establishment, exercise, or defence of legal claims; or
    • if you objected to the Processing of your Personal Data which we Process based on legitimate interests, pending the verification whether or not the legitimate interests of DTB as the Data Controller override your personal interests;
    • if we Process certain Personal Data based on your Consent, you have the right to withdraw your Consent at any time; however, this shall not affect the lawfulness of Processing based on the Consent before its withdrawal;
    • you have the right to object at any time to the Processing of your Personal Data for the purposes of direct marketing, including the prohibition of Profiling to the extent this is related to such direct marketing.

    2       Should you want to exercise some of the foregoing rights or should you have any other questions, remarks or requests pertaining to our Processing of your Personal Data, please contact us at: privacy@dtb.hr.

    3       We will reply no later than within one month from the date of receipt of your request or query and will inform you about the actions taken or reasons for which we are unable to comply with your request. In case of numerous requests or complexity of your request, we may extend the foregoing deadline for additional two months and will inform you about the reasons for such extension.

    4       If your request is evidently unjustified or excessive, including in the event of frequent submission of requests, we may charge a reasonable fee due to administrative costs or we may refuse to comply with the request.

    5       You have the right to lodge a complaint regarding our Processing of your Personal Data to AZOP (www.azop.hr).

    GLOSSARY

    Anonymization means the process of removing personal identifiers from Personal Data so that it is (no longer) possible in any way whatsoever to identify the individual relevant to the anonymous or anonymized data. For example, statistical data are anonymous data. In fact, anonymous or anonymized data are no longer Personal Data and the Regulation does not apply to their use. Anonymization must be differentiated from Pseudonymization.
    AZOP means the Personal Data Protection Agency, a competent Croatian supervisory authority for personal data protection, with registered office in Selska cesta 136, 10000 Zagreb.
    DTB means the Personal Data Protection Agency, a competent Croatian supervisory authority for personal data protection, with registered office in Selska cesta 136, 10000 Zagreb.
    EEA means the European Economic Area which includes all the EU Member States, including Iceland, Liechtenstein and Norway.
    Internet Pages means the Website, Profile and/or any other and/or subsequent forms of DTB’s presence on the Internet, where it contains a reference to this Policy.
    Data Subject means an identified or identifiable natural person, i.e. an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of such individual.
    Data Processor means a natural or legal person which processes Personal Data on behalf of and on instruction from the Data Controller under the processing agreement.
    Cookie means a small text file that the Website may store on your device during your visit, including, for the purposes of this Policy, other similar technologies for the tracking and storing of, and access to, the data, such as pixels, web beacons, etc.
    Website means www.dtb.hr
    Processing or (to) Process means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as:
    –   collection
    –   recording
    –   organization
    –   structuring
    –   storage
    –   adaptation or alteration
    –   retrieval
    –   consultation
    –   use
    –   disclosure by transmission, dissemination or otherwise making available
    –   alignment or combination
    –   restriction
    –   erasure or destruction
    –   and other means.
    Personal Data means any information relating to the Data Subject.
    Personal Data on Criminal Record means Personal Data concerning criminal convictions and offences or related security measures.
    Special Categories of Personal Data means Personal Data revealing:
    –   racial or ethnic origin;
    –   political opinions;
    –   religious or philosophical beliefs; or
    –   trade union membership; and
    –   genetic and/or biometric data processed for the purpose of uniquely identifying Data Subjects;
    –   data concerning health; or
    –   data concerning a Data Subject’s sex life or sexual orientation.
    Business Partner means a legal or natural person other than the Clients, who provides services, sells goods or is in some other business relationship with DTB.
    Data Breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, the Personal Data Processed.
    Legal Basis for the Processing means the basis for the Processing of Personal Data laid down under the Regulation or under special laws, regulations or administrative provisions adopted pursuant to the law. In other words, it is a legitimate reason or permission for the Processing. The Regulation provides for several fundamental Legal Bases for the Processing of Personal Data, in particular:
    –   for the purposes of the legitimate interests pursued by the Data Controller or another legal or natural person (e.g. the Recipient), except where such interests are overridden by the interests or fundamental rights and freedoms of Data Subjects which require protection of Personal Data, in particular where the Data Subject is a child (i.e. a person under the age of 18);
    –   for the performance of a contract concluded with the Data Subject or for the purpose of taking steps at the request of the Data Subject prior to entering into a contract;
    –   for compliance with legal obligations to which the Data Controller is subject (or obligations laid down under laws, regulations or administrative provisions);
    –   for the protection of the vital interests of Data Subjects or of another natural person (individual);
    –   for the performance of tasks carried out in the public interest or in the exercise of official authority vested in the Data Controller; or
    –   on the basis of the Consent of Data Subjects; and other bases.
    Recipient means a natural or legal person, public authority, institution, agency or another organization, to which Personal Data are transmitted, disclosed or communicated.
    Consent means any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he/she, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to him/her.
    Profile means DTB’s profile on LinkedIn.
    Profiling means any form of automated processing of Personal Data which involves the use of Personal Data to evaluate specific personal aspects relating to an individual, in particular to analyze or predict aspects concerning such individual’s performance at work, economic situation, health, personal preferences or interests, reliability or behavior, location or movements.
    Counterparty means a natural or legal person who is in an opposing legal position, whether disputed or undisputed, or who has opposing interests in relation to a Client.
    Pseudonymization means the Processing of Personal Data in such a manner that Personal Data can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separately and is protected by technical and organizational measures. In other words, pseudonymized Personal Data allow for the identification of Data Subjects only by using additional separated and protected data. For example, the Data Subject’s first and last name is replaced by a unique number, and the list of names and corresponding numbers is kept separately, with appropriate protection. Pseudonymization must be differentiated from Anonymization.
    Employee means a natural person who is employed to perform certain tasks for the employer (employee, official, etc.). The employer is a natural or legal person that employs the Employee. In the context of the Processing of Personal Data, the Employee will be the Data Subject, and the employer in relation to the Employee will be the Data Controller.
    Data Protection Officer means a natural or legal person appointed by the Data Controller to perform that function and reported to AZOP. Information about the Data Protection Officer must be publicly available, for example on the website and notice board of the Data Controller. The professional requirements, scope and responsibility of the Data Protection Officer are set out in the Regulation. The Data Protection Officer does not have to be an Employee of the Data Controller; it can be a contractual expert associate.
    Client means a natural or legal person provided with legal services by DTB.
    Filing system means any structured set of Personal Data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis.
    Purpose means a specific, explicit and lawful, i.e. specific, clear and legitimate purpose or reason for the Processing of Personal Data determined by the Data Controller.
    Basis for the Transfer means the legal basis for the transfer of Personal Data outside the EEA. The Regulation specifies several permitted Bases for the Transfer, in particular:
    –   adequacy decision – made by the European Commission for certain countries; no special approvals are required for the transfer under such adequacy decision. Adequacy decisions have currently been made in respect of: Andorra, Argentina, Canada (for organizations in the economic sector), the Faroe Islands, Guernsey, Israel, the Isle of Man, Japan, Jersey, New Zealand, the Republic of Korea (South Korea), Switzerland, the United Kingdom and Uruguay;
    –   standard contractual clauses – standard contractual provisions on the transfer of Personal Data which were approved by the European Commission and on the basis of which a contract on the transfer of Personal Data can be concluded with the Data Processor or with the Data Controller from a country for which there is no adequacy decision;
    –   binding corporate rules – Personal Data protection policies followed by the Data Controller or the Data Processor for transfers or sets of transfers of Personal Data to the Data Controller or the Data Processor within the same group of undertakings located in countries outside the EEA;
    –   where there are none of the specific Bases for the Transfer, the transfer can be carried out, under exceptional circumstances, if there is one of the legal bases contained in Article 49 of the Regulation for such a transfer.
    Third-Party Individual means the Data Subject other than the Client, Business Partner or their Employee, with whom DTB may periodically enter into a relationship with regard to the provision of legal services, business or otherwise.
    Regulation means the General Data Protection Regulation (EU) 2016/679 (GDPR).
    Data Controller means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the Purposes and means of the Processing of Personal Data.
    Joint Controllers means two or more Data Controllers who jointly determine the Purposes and means of Processing.