PROCESSING OF PERSONAL DATA
Law firm Božić and partners Ltd. – Information about the processing of personal data
This Information is intended to provide you with more detailed notifications about the processing of your personal data by Law firm Božić and partners Ltd. and to inform you about the rights you may exercise in relation to the processing of these data. Protecting your privacy is extremely important to us, so please read this Information carefully.
- Who is responsible for processing your personal data?
As we determine the purpose and means of processing your personal data, we are responsible for processing your personal data in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679):
Law firm Božić and partners Ltd., Radnička cesta 80, 10000 Zagreb, PIN: 91973178034,
Tel: +385 (0)1 481 9642; Fax: +385 (0)1 481 9648, 641 4888
e-mail: firstname.lastname@example.org; www.bozicipartneri.eu
For questions regarding the processing of your personal data or the exercise of your data protection rights, please contact our Data Protection Officer:
Law firm Božić and partners Ltd., Radnička cesta 80, 10000 Zagreb, marked “for Data Protection Officer”
- For what purposes and on what legal grounds do we process your personal data?
We process your personal data in accordance with the provisions of the General Data Protection Regulation, the Law on Implementation of the General Data Protection Regulation and other regulations on protection of personal data.
We process your personal data for the purposes set out in this Information and in accordance with the following legal bases:
- Fulfilment of legal obligations
We process your personal dana in order to fulfil our legal obligations, such as keeping business records, etc.
- Legitimate interests
We have the right to process your personal data for the purposes of our legitimate interests, except where those interests are weaker than your interests or your fundamental rights and freedoms which require the protection of personal data. Simultaneously, we will take into account your reasonable expectations about the processing of personal data based on your contractual or other relationship with us.
Our legitimate interest is e.g. processing of personal dana for the purpose of preventing and detecting criminal or misdemeanour offenses that could occur at the premises of the data controller, for the purpose of prevention of injury to clients and/or employees of the data controller, for the purpose of meeting hygiene / sanitary requirements, transfer of personal data between the data controller and the data processor for the purposes of executing the service agreement with data controller and/or data processor and the administrative need thereof (issuing invoices, etc.).
The processing of special categories of your personal data, (e.g., health data in case you inform us about the specifics of your health condition, etc.), unless we need to process it to establish, exercise or defend against legal requests (e.g., in the event of a court case being instituted against the data controller in which the data controller would be required to submit data about your health status or other personal data from a special category of personal data to the competent court to protect his rights and interests) or unless otherwise is required by binding / applicable regulations, may only be performed based on your explicit consent. In that case, we will take the appropriate measures to inform you promptly, in a concise, transparent and easily accessible form, about the purpose of the processing for which we require your consent, in order that you can make an informed decision about whether you wish to grant us such a consent.
If we process your personal data on the basis of a given consent, we inform you that you have the right to withdraw your consent at any time, as described in the section “What are your rights regarding the processing of personal data?”.
- What categories of personal date do we process?
We process the personal data which we collect from you and primarily your basic personal data (e.g. name and surname, date of birth, address, personal identification number, telephone number, e-mail address).
- To whom the personal data will be disclosed?
If necessary, to achieve the aforementioned processing purposes, or if it is determined by binding applicable regulations, we may disclose your personal data to natural and / or legal persons, public authorities or other bodies (recipients).
We will only disclose and supply recipients with such data which are necessary to achieve the specific purpose of the processing of your personal data.
We may, in accordance with special regulations, provide your personal data to public authorities, such as the ministry responsible for finance, the ministry responsible for internal affairs, the competent public prosecutor’s office, as well as the court, notary or tax authority, for the purpose of carrying out their official tasks and/or the needs of the procedure they lead, etc.
We may also provide your personal information to other recipients, that is, natural and legal persons with whom we are in business relationship, i.e. if they act as our data processor (e.g. accountant, lawyers, debt collection agencies, postal and courier service providers, IT service providers, financial institutions, certified auditors / audit firms etc.).
If we hire other natural or legal persons to process your personal data solely on our behalf and according to our instructions (data processor), we will only hire them based on a written agreement and if they sufficiently guarantee the implementation of appropriate technical and organizational measures which meet the requirements of the General Data Protection Regulation and regulations on protection of personal data and ensure the protection of your rights and the security of the processing of your personal data.
In addition, we may disclose or make your personal information available to third parties in the following cases: if you explicitly give your written consent for disclosure of certain confidential data for a particular purpose or to a specific person; if the data is required by the ministry responsible for the internal affairs or the competent public prosecutor’s office for the purpose of carrying out tasks within their jurisdiction; if the data is required by the court or notary public for the procedure which they conduct and the disclosure of such data is required in writing; if such data is required by the tax authority in a procedure which it carries out within its jurisdiction and in other cases in accordance with the binding applicable provisions.
- Where your personal data will be processed?
Your personal data is processed solely within the European Economic Area (EEA) and there is no transfer of your personal data to third countries (non-EEA countries).
- How long do we keep your personal data?
We keep your personal data for as long as necessary to fulfil the purpose for which it is processed, unless we are obliged by legal deadlines to keep it for additional period of time.
In relation to the agreement for the use of the services of the data controller and / or the dana processor, the retention period of your personal data is determined by the duration of that Agreement. The documentation that we must keep and the retention periods are additionally prescribed, for example, in the General Tax Act, etc.
In addition, we keep personal data as long as there is a legal possibility to place a legal requirement based on the agreement for the use of the services of the data controller and / or the dana processor, including the statutory period (e.g. for the purpose of enforcement) after the final termination of judicial, administrative or other appropriate proceedings instituted for the exercise of, or related to, the rights and obligations associated with the agreement for the use of the services of the data controller and / or the data processor.
If we process certain personal data on the basis of a consent, in the event of a withdrawal of the consent, we will delete your personal data, unless there is another legal basis for the processing or if the processing of your personal data is necessary in order to establish, exercise or defend legal requests.
- What are your rights regarding the processing of personal data?
Under the conditions laid down in the General Data Protection Regulation, you have the following rights in relation to the processing of your personal data:
- right of access – the right to access information as to whether we are processing your personal data and if such personal data is being processed, access to personal data and information about the processed personal data, the purpose of processing, storage time, transfer to third countries, etc.
- right to rectification – the right to correct inaccurate and the right to complete incomplete personal data
- right to erasure (‘right to be forgotten’) – the right to delete personal data relating to you if, among other things, personal data are no longer necessary for the purposes for which they were collected or otherwise processed, if you have withdrawn your consent for the processing and there is no other legal basis for processing, if your personal data have been illegally processed, etc. This right has limitations so it cannot be applied if the processing of your personal data is necessary for the purpose of establishing, exercising or defending legal requests or for compliance with our legal obligation requiring dana processing according to the binding regulations.
- right to restriction of processing – the right to ask us to limit the processing of your personal data (e.g. when you dispute the accuracy of your data)
- right to object – the right to oppose the processing of your personal data which we process on the basis of a legitimate interest. In this case, we may process your personal data solely if we prove that our legitimate interest for processing goes beyond your interests, rights and freedoms or in order to establish, exercise or defend a legal request.
- right to data portability – the right to receive and transfer data to another data controller if you have provided us with personal data in a structured, commonly used, machine-readable and interoperable format, and the processing is based on consent or contract
- right not to be subject to a decision based solely on automated processing, including profiling – the right not to be affected by a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you, unless such decision is necessary for the conclusion or execution of your contract of representation, permitted by European or national law which prescribes appropriate measures to protect the rights and freedoms and legitimate interests of data subject or based on the explicit consent of data subject
- right to withdraw consent – if the processing of personal data is based on your consent you have the right, without any consequences, to withdraw your consent at any time by submitting a written withdrawal notice to the Data Protection Officer, by coming to the business headquarters of the data controller or through the user (web) interface, if applicable. In that case, we may no longer process your personal data unless there is another legal basis for processing. Withdrawal of the consent has effect from the moment of its declaration, which means that it does not affect the lawfulness of the processing of your personal data in the period from the giving of the consent to its withdrawal.
You can contact our Data Protection Officer in order to realize all your rights regarding the processing of personal data.
In order to process your claim, we have the right to ask you for additional data to verify your identity. If we cannot confirm your identity, we have the right to refuse to act on your request. If your claims are manifestly ill-founded or excessive, especially due to their frequent repetition, we have the right to charge you a reasonable fee or to refuse to act on the claim.
- Right to complain to the supervisory authority
If you consider that the processing of your personal data is not in accordance with the regulations on protection of personal data, you have the right to complain to the supervisory authority in the Member State in which you have your habitual residence, where is your place of residence or where is the place of violation regulations on protection of the personal data.
In the Republic of Croatia, the supervisory authority to which you can file a complaint is the Croatian Personal Data Protection Agency (www.azop.hr).
Without prejudice to your right to file a complaint to the supervisory authority, we suggest that you contact our Data Protection Officer for clarification of disputable issues before filing a complaint.
Information about the processing of personal data are available to you at any time on interface (web) of the data controller www.bozicipartneri.eu