en +385912539111
Mon - Fri 09:00-17:00

Privacy Policy

Last edited: 25.05.2018.

Who is the manager of your personal data processing?

Law Firm Crnkovic & Partners LLC, Ilica 5, 10000 Zagreb, OIB: 46923837013, e-mail: crnkovic@loc.hr (hereinafter: “Controller” or “we”) respects your privacy and is committed to protecting it during and after your visit to this website site (hereinafter ” The website”, “The Site”), visiting our business locations and when you use any of our products or services. We have set up appropriate physical, electronic and management procedures to protect the processing of personal data. However, due to the inherent open nature of the Internet, we cannot guarantee that communications between you and us or information stored on this website or on our servers will be completely secure from unauthorized access by third parties. Therefore, we have policies in place to determine how your personal data shall be processed and protected.

By accessing the Site, entering our business locations and using our services, you accept this Privacy Policy and understand and acknowledge that we collect and use your personal data as specified in this Policy. This Privacy Policy is subject to change, and the date of the last change is indicated in the title.

As a Controller, we process your personal data in accordance with the applicable rules on personal data protection, in particular in accordance with the General Data Protection Regulation (EU) 679/2016 (hereinafter: GDPR) and the Law on the Implementation of the Croatian General Data Protection Act (Official Gazette 42/2018).

Types of personal data that will be processed, purpose and legal basis of personal data processing

As data controller we process your personal data, that is information that can directly or indirectly identify you, in particular through identifiers such as your first name, last name, email address, phone number, date of birth, address, credit card number, opinions about our services, IP address and other personal information when communicated with us when contracting (“personal data”), especially when:

  • you contact us via e-mail or connect with us via social networks,
  • make comments or ask questions,
  • we process your application or job application
  • you access our Site
  • you are a visitor to our business locations
  • we issue an “R1” invoice for products/services
  • we cooperate with you as our suppliers and business partners

We process personal data on the basis of your consent, legitimate interest, for the performance of a contractual obligation, and on the basis of a legal obligation. The processing of Personal Data is limited only to the purpose for which it was collected in accordance with the terms of this Privacy Policy.

When we process data on the basis of your consent, we process only those personal data that you have voluntarily given us when communicating with us, in order to answer your questions or process your job application. The purpose of the processing is to take steps according to your request, for example, answering questions and comments, receiving offers, communicating about your activities on the site, processing open applications and applications for tenders.

On the basis of legitimate interest, we process personal data when you access our Site (IP address). The purpose of this processing includes the investigation of suspected fraud, harassment, physical threats or other violations of the Site’s rules, or any suspicious behaviour that we consider indecent. We process the recordings/pictures of the participants at our events for the purpose of promoting the event.

In order to fulfill contractual obligations and on the basis of legal and by-law regulations, we are obliged to process your personal data when you buy our products or use our services. The data of business partners is specially processed (e.g. agreements regarding the execution of services), in addition, we also process the contact data of business partners who are natural persons and their employees (e.g. first and last name, official telephone / mobile phone number, e-mail address), as well as customers who request the issuance of an “R1” invoice.

Open job applications and announced tenders

We process open applications from candidates who want to work with us and applications from candidates for tenders that we announce in such a way that only authorized persons have access to these personal data, and the data is kept for 2 years from the date of receipt of the open application.

Storage of personal data

We process personal data only for the time necessary to achieve the purpose of processing them.

We only process personal data that we process on the basis of consent until you withdraw your consent, while you can object to the processing of personal data on the basis of legitimate interest. We keep open applications and applications for tenders for 2 years from the date of receipt. Other personal data that we process on the basis of your inquiries are kept for a maximum of 6 months from the date of receipt, and we keep the data of business partners until the termination of business cooperation and do not deliver them to third parties or export them to third countries. In doing so, we do not collect any data of a private nature, but data related to the fulfillment of work tasks.

We store all other personal data that we process on the basis of the execution of the contractual relationship and on the basis of legal obligations in accordance with positive regulations in which the storage time is determined (e.g. the Accounting Act). Exceptionally, we will keep your personal data longer than the stated deadlines when it is necessary to fulfill mutual legal requirements.

At the end of the term, we will destroy stored personal data printed on paper in a safe way, for example by shredding, while we will irreversibly delete data in electronic form.

Your Personal Data may be disclosed in the following cases:

  • entities that maintain our IT systems,
  • entities that we have authorized to process Personal Data, which are subject to the appropriate legal obligation of confidentiality (e.g. bookkeeping service),
  • law enforcement services and public authorities when required by applicable law or in good faith (for the purpose of protecting and defending our rights and/or property or to act in urgent circumstances to protect the personal safety of our guests, employees, the Site or the public),
  • to business partners for their needs only in accordance with appropriate legal grounds,

Transfer of Personal Data to third countries

The information we collect is stored within the European Union (EU) and the European Economic Area (EEA) excluding Switzerland, but may also be transferred to and processed in a country outside the EU and EEA. Any such transfer of personal data will be carried out in accordance with applicable legal regulations. For transfers outside the EEA, we use Standard Contractual Clauses, adequacy decisions, appropriate protective measures, which guarantee adequate protection of personal data.


Our website uses cookies. We use cookies to provide you with the service and fulfill legal obligations. We may, with your consent, use cookies to analyze traffic on our pages or to provide support.

Cookies are text files that are stored in the computer system via the internet browser.

The Electronic Communications Act stipulates that we can store cookies on your device if they are absolutely necessary for the operation of this site. We need your consent for all other types of cookies. This Site uses different types of cookies. Some cookies are set by third parties that appear on our pages.

Provisions on the protection of data on the application and use of: LinkedIn

On its websites, the data controller can integrate or has integrated components of social networks.

LinkedIn is a social network operated by LinkedIn corporation 1000 West Maude Avenue Sunnyvale, CA 94085 United States. For persons outside the United States and Canada, the controller is LinkedIn Ireland Unlimited Company Wilton Plaza, Wilton Place, Dublin 2, Ireland. The privacy policy is available at https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=privacy.linkedin.com and https://privacy.linkedin.com/gdpr and provides information about collection, processing and use of personal data on that social network.

Management of consents

You can always revoke the permissions granted to us.

If you revoke your consent, we will no longer process your data for the stated purposes, but this does not affect the legality of the processing before the consent was revoked.

Your rights

a) Right to correction:

If we process your personal data that is incomplete or incorrect, you can ask us to correct or supplement it at any time.

b) Right of access:

You have the right to receive a confirmation about whether we process your personal data or not, and where this is the case you have under the conditions of Art. 15 of the General Regulations to request access to this data.

c) Right to erasure:

You can ask us to delete your personal data if we have processed them illegally or if this processing represents a disproportionate intrusion into your protected interests. Please take into account that there are reasons that prevent immediate deletion, for example to comply with a legal obligation that requires processing.

d) Right to restriction of processing:

You can ask us to limit the processing of your data:

  • if you dispute the accuracy of the data during the period that allows us to check the accuracy of the data;
  • if the processing of the data was unlawful, but you refuse the deletion and instead request the restriction of the use of the data;
  • if we no longer need the data for the intended purposes, but you still need them to meet legal requirements or;
  • if you have filed an objection regarding the distribution of this data.
  • e) The right to data portability:
  • You can ask us to deliver the data you have entrusted to us for archiving in a structured form, in the usual machine-readable format:
  • if we process this data on the basis of the consent you have given us and which you can revoke or for the purpose of executing a contract i
  • if the processing is done using automated processes.

f) The right to object:

If we distribute your data for the purpose of performing tasks of public interest or tasks of public bodies, or when processing them, we refer to our legitimate interests, you can file a complaint against such data processing if there is an interest in protecting our data.

g) The right to object:

If you are of the opinion that we have violated Croatian or European data protection regulations when processing your data, please contact us in order to clarify any questions. You certainly have the right to file a complaint with the competent supervisory body, which is the Croatian Personal Data Protection Agency, Selska 136, Zagreb.

Exercising your rights

If you wish to exercise any of the above rights, please contact us using our contact details in this privacy policy.

When you submit a request in order to exercise your rights, we are obliged to establish your identity first, and for this purpose we will ask for additional information to verify it. This serves to protect your rights and private sphere.

If you use any of the above rights too often and with the obvious intent of abuse, we may charge an administrative fee or refuse to process your request.

Changes and updates to our privacy policy

We reserve the right to change or update this Privacy Policy at any time and without prior notice. Please check back from time to time for any changes or updates to our Privacy Policy.