The personal data referred to in this Policy refers to all information relating to you as an individual whose identity, directly or indirectly, has been or can be identified (data subject).
The processing and protection of personal data processed by Law Firm is carried out pursuant to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive95/46/EC (GDPR), the Act for Implementation of the General Data Protection Regulation and other positive regulations and in accordance with this Policy.
2. ABOUT US
MAMIĆ GRGIĆ VINTER Attorneys at Law LLC, personal identification number (OIB): 80965217093, registered with the Court Registry of the Commercial Court of Zagreb under no. (MBS): 080978255 is authorized to provide all forms of legal aid (Legal Aid Services).
Regarding the processing of your personal data covered by this Policy, the Law Firm acts as a data controller, which means that it independently determines the purposes and means of processing of your personal data. In exceptional cases, when as part of provision of Legal Aid Services, the client requests us to process certain personal data for a specific purpose determined by the client itself, and which purpose is not related to the usual activities related to representation of parties (e.g. in preparation of a due diligence report on the status of a particular company or certain property), our Law Firm can act as a data processor for the client who will act as a data controller.
3. PERSONAL DATA WE COLLECT
In course of provision of Legal Aid Services to our clients, as well as in situations in which we are required to do so by applicable regulations, the Law Firm processes personal data required to fulfill these obligations. We also process the personal data of our business partners with whom we cooperate in fulfilling these obligations, as well as personal data of persons who are employed or are candidates for employment in our Law Firm.
All personal data we need is collected in minimum necessary measure and always in accordance with the purpose for which they are collected, as well as to keep this data for the shortest possible period and to adequately protect them during their processing and storage.
Processing of personal data is necessary for performance of the Legal Aid Services we provide to our clients, as well as for our Law Firm to act pursuant to applicable regulations, and without such processing our Law Firm will not be able to provide Legal Aid Services.
In the following Paragraphs of this Section, we detail the personal data our Law Firm processes.
A) PERSONAL DATA WE COLLECT DURING PROVISION OF LEGAL AID SERVICES
When providing the Legal Aid Services, we primarily collect the personal data of our clients who are natural persons or directors, other representatives, employees, associates and advisors of our clients who are legal entities, as well as other persons associated with them (e.g. their shareholders and persons associated with these persons).
Also, regarding provision of Legal Aid Services, we collect certain personal data of third parties so that we can provide respective services adequately. These third parties include: counterparties and their lawyers, directors, other representatives, employees, associates, advisors, shareholders and their related persons.
The personal data from these persons which we process refer to: their first and last name, place of residence, personal identification number, registration number or other applicable number under which they are registered with the official registries, the place and date of birth, the functions they perform, phone, mobile phone or fax numbers, e-mail addresses, data on personal documents (identity card, passport, etc.), bank account information, public and private documents issued by competent authorities referring to the aforementioned persons (certificate of health and pension insurance, etc.), information provided by the employer on these persons, as well as any other information relevant to a particular transaction or the process connected with the Legal Aid Services we provide.
B) PERSONAL DATA COLLECTED FOR THE PURPOSE OF COMPLYING WITH REGULATIONS ON PREVENTION OF MONEY LAUNDERING AND TERRORISM FINANCING
Our Law Firm is obligated to perform measures, actions and procedures to prevent and detect money laundering and terrorism financing, so we are required to collect and process personal data of our clients, as specified under this Section, in order to comply with our legal obligations under respective regulation.
The Law Firm process personal data of our clients, along with personal data of their directors, and other officers, beneficial owners, shareholders and other members, and persons close to them (family members and close associates).
The personal data from these persons which we process refer to: their first and last name, place of residence, personal identification number, registration number or other applicable number under which they are registered with the official registries, the place and date of birth, the functions they perform, phone, mobile phone or fax numbers, e-mail addresses, data on personal documents (identity card, passport, etc.).
C. PERSONAL DATA COLLECTED IN THE COURSE OF OUR BUSINESS OPERATIONS
To ensure efficient provision of our services, in our business operations we enter into business relations with third parties that provide us with the specific services. Such third parties include accountants, IT services providers, translators, tax advisors, consultants and other business partners, as well as members of wider business community.
The personal data from these persons which we process refer to: their first and last name, place of residence, personal identification number, registration number or other applicable number under which they are registered with the official registries, the place and date of birth, the functions they perform, phone, mobile phone or fax numbers, e-mail addresses, bank account information, and other information required for payment of the services, as well as any other information relevant to a business relationship with respective business partner.
D. PERSONAL DATA OF EMPLOYEES AND POTENTIAL CANDIDATES
As a part of recruitment process in our Law Firm, from the prospective employees and other candidates (e.g. students, volunteers), we collect CVs and other documentation (applications, recommendations, diplomas, certificates, letters, etc.) which contain their personal data. For assistance during the recruitment process there is a possibility of engaging third party service providers by the Law Firm (employment agencies, consultants) which will have access to personal data received from prospective employees.
We process personal data of employees in accordance with applicable regulations.
The personal data from these persons which we process refer to: their first and last name, photographs, place of residence, personal identification number, place and date of birth, information about current and previous employment and education, phone, mobile phone or fax numbers, e-mail address, and all other information relevant for employment, and we especially refer to special categories of personal data candidates decide to share with us, e.g. state of health of particular candidate.
4. THE PURPOSE OF PROCESSING OF YOUR PERSONAL DATA
The Law Firm process the personal data for the following purposes:
- to provide Legal Aid Services;
- to comply with legal obligations applicable to our Law Firm (e.g. storage of records on the matters in which we provided Legal Aid Services for the period set under the Attorneys Act);
- to conduct regular business operation of the Law Firm;
- to maintain our business network;
- to recruit new employees and other personnel;
- to send relevant news and information to our clients and business partners (e.g. in case of change of applicable regulations and/or practices of competent authorities);
- to contact data subject where necessary and appropriate (e.g. when data subject make inquiries about our legal services);
- to collect claims of the Law Firm incurred during provision of legal services.
5. LEGAL BASES FOR PERSONAL DATA PROCESSING
Legal basis for personal data processing, for the purposes described above, shall typically consists of:
- processing of personal data necessary for the performance of our contractual services to the data subject when data subject is a party to a contract with the Law Firm, or is necessary for performance of certain actions at the request of the data subject before entering into a contract with the Law Firm (e.g. providing legal services to natural persons);
- processing of personal data necessary for the compliance with legal obligations applicable to our Law Firm (e.g. storage of records on the matters in which we provided legal services for the period set under the Attorneys Act, complying with Act on Prevention of Money Laundering and Terrorism Financing);
- legitimate interest of the Law Firm (e.g. for maintaining our business network or collection of our claims incurred during provision of Legal Aid Services);
- explicit consent of the data subject (e.g. job applicants who consent for us to keep their personal data for future employment).
6. RECIPIENTS OF YOUR PERSONAL DATA
Our Law Firm will not distribute, provide insight or otherwise make personal data accessible to third parties, apart from the persons mentioned in this Policy and when its obliged to do so in order to comply with relevant regulations. In case that some of the recipients act as data processors, meaning that they are not authorized to process personal data without our order, the Law Firm shall enter into agreements with them in which the processing of personal data is prescribed in detail.
The Law Firm may distribute your personal data to the following:
- courts and other public authorities, arbitration bodies, authorized translators, experts, tax advisors, the Financial Agency, opposite party or its representative in a court or other procedure, all for the purpose of Providing legal aid services;
- Financial Inspectorate of the Ministry of Finance and other competent bodies for fulfilling obligations of the Law Firm in preventing money laundering and the financing of terrorism and the obligation to notify the said body on suspicious transactions;
- courts and other public authorities, the Financial Agency, the debt collection companies and third parties, regarding claims of the Law Firm;
- providers of IT Services engaged for maintenance and protection of information technology and information systems of the Law Firm, as well as for maintenance of web site;
- persons engaged to perform accounting and/or bookkeeping services
- notaries public, tax advisors, accountants, auditors, consultants, banks by order of the data subject for the purpose of providing Legal Aid Services;
- other persons listed under point 3 of this Policy.
7. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS
In the event of transfer of personal data to countries or international organizations outside the European Union or European Economic Area, we will ensure an adequate level of protection of the personal data of data subjects (e.g. application of standard personal data protection clauses) pursuant to the GDPR.
8. PERIOD FOR WHICH WE STORE PERSONAL DATA
We will process personal data until the purpose for which the personal data are processed is fulfilled.
After fulfilling the purpose, we keep personal data in accordance with the relevant legal regulations. According to the Attorneys Act we are obliged to keep records for at least ten years after the final termination of the proceedings in which we have represented the client. The ten-year period also applies to the obligation to keep the documentation collected for meeting our obligations under Act on Prevention of Money Laundering and Terrorism Financing. We are obliged to keep the accounting documentation for a period of eleven years.
Once is no longer necessary to keep the personal data we will destroy or anonymize them in such manner that the identification of the data subjects to which the personal data are related to will no longer be possible.
9. YOUR RIGHTS REGADING PERSONAL DATA PROCESSING
- the right to obtain confirmation as to whether or not your personal data are being processed by the Law Firm, and, where that is the case, access to such personal data, with the possibility of obtaining a copy of the personal data undergoing processing (Right of access by the data subject);
- • the right to obtain, without undue delay, the rectification of inaccurate personal data and/or right to have incomplete personal data completed (Right to rectification);
- • the right to obtain the erasure of personal data without undue delay (Right to be forgotten), if: - the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; – you have withdrawn the consent on which the processing is based and there is no other legal basis for the processing; – you have exercised your right to object to the processing of personal data concerning you which is based on the purposes of the legitimate interests pursued by the Law Firm, - the personal data have been unlawfully processed, – the personal data have to be erased for compliance of the Law Firm with a legal obligation under the applicable law.
- for exercising the right of freedom of expression and information,
- for compliance with a legal obligation under applicable law and for reasons of public interest, especially in public health,
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, with the mandatory application of measures for the protection of personal data,
- for the establishment, exercise or defense of legal claims;
- the right to withdraw the consent for the processing of personal data at any time if the processing is carried out based on the consent, but without affecting the legality of processing that was based on the consent prior to the withdrawal;
- • the right to request a restriction on further processing of personal data in case (i) the accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data, (ii) the processing is unlawful but you do not request the erasure of personal data, (iii) you have objected to the legal interest on which the processing of personal data is based on pending the verification whether the legitimate grounds of the controller override those of the data subject or (iv) if there is no need of the personal data for the purposes of the processing but you require them for the establishment, exercise or defense of legal claims (Right to restriction of processing);
- the right to transmit the personal data that are being processed to another controller if the processing is based on your consent or on the contract to which you are party of, by direct transmitting between the Law Firm and another controller where technically feasible (Right to data portability);
- the right to object the processing of your personal data if the processing is based on the legitimate interests pursued by the Law Firm (Right to object);
- the right to lodge a complaint with the supervisory authority (Croatian Personal Data Protection Agency – AZOP);
- the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affecting you, except if the decision: (i) is necessary for entering into, or performance of, a contract between you and the Law Firm, (ii) is authorized by European Union or Croatian law and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, (iii) is based on your explicit consent. In the cases referred to in points (i) and (iii) hereof, the Law Firm shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, whereby the Law Firm shall at least secure you the right to obtain human intervention on the part of employee of the Law Firm, the right to express your point of view and the right to contest the decision.
Law Firm shall provide the requested information free of charge, but where requests from a data subject are manifestly unfounded or excessive, in particular repetitive character, Law Firm reserve the right to:
- charge a reasonable fee considering the administrative costs of providing the information or communication or taking the action requested; or
- refuse to act on the request.
10. SAFETY OF YOUR PERSONAL DATA
When processing, we take appropriate action we undertake technical and organizational measures to protect personal data from incidental loss, destruction, unauthorized access, unauthorized changes, unauthorized disclosure and any other misuse.
We have ensured protection of our computer system using antivirus, antispam, antispyware and antimalware programs, as well as the appropriate firewall. Additionally, access to certain personal data is allowed only to the persons in the Law Firm authorized to process this data.
We have ensured personal data protection measures which include: the installation of the equipment in the premises with limited access, the existence of computer data backup systems, engagement of IT experts who maintain and evaluate the effectiveness of technical data protection measures, using passwords on computers used in business and other.
All employees of the Law Firm are informed and educated about the provisions of the applicable personal data regulation, the obligation to comply with and the way of their implementation and are required to maintain the confidentiality of personal data.
11. FURTHER PROCESSING OF PERSONAL DATA FOR OTHER PURPOSE
In need of processing your personal data for purposes other than purposes stated in this Policy, before start of such processing, our Law Firm will provide you with a new notice containing all information about processing for this.
12. BREACHES, QUERIES AND COMPLAINTS
In the event of a personal data breach that will, in accordance with the risk assessment, likely cause a high risk to your rights and freedoms, the Law Firm will also notify you on such personal data breach, unless:
- appropriate technical and organizational protection measures have been undertaken, and these measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorized to access it, such as encryption,
- subsequent measures which ensure that the high risk to the rights and freedoms of data subjects is no longer likely to materialize, have been undertaken (the Law Firm has been able to undertake actions to disable the use and further sharing of breached personal data),
- it would involve disproportionate effort (e.g. contacts of the data subjects was lost due to the breach, which was publicly disclosed or communicated on to the data subjects).
If you have any queries, requests or complaints, please contact our Law Firm via following contact details:
- address MAMIĆ GRGIĆ VINTER d.o.o., Banjavčićeva 22, 10000 Zagreb, Croatia
- e-mail email@example.com
- phone 00 385 1 5566 566
- fax 00 358 1 4577 414
- address Agencija za zaštitu osobnih podataka, Selska cesta 136, 10000 Zagreb, Croatia
- e-mail firstname.lastname@example.org
- phone 00 385 01 4609 000
- fax 00 385 01 4609 099