PRIVACY POLICY
1. The processing of personal data while providing legal services, as well as when using our website www.obidlegal.hr, is of exceptional importance to us. The law firm Bišćan and Dlačić j.t.d., as the data controller, is responsible for the protection of your personal data on this website.
2. We process your personal data in accordance with the General Data Protection Regulation (EU Regulation 2016/679) and the Act on the Implementation of the General Data Protection Regulation (Official Gazette No. 42/2018).
3. By accepting this Privacy Policy when visiting our website, you confirm that you have read, understood, and agree with the processing of personal data as set out in these Rules.
4. For the purpose of protecting your personal data, we have taken appropriate technical and organizational measures, which we continuously improve, and which protect your personal data from loss, misuse, or unauthorized access. However, we cannot guarantee complete protection during the transfer of personal data to or from our website, so it is extremely important that you also take care of the security of your computer and the safe storage and confidentiality of your personal data.
5. Categories of personal data and purpose of processing
5.1. Client category
We process the following personal data:
– identification data such as first and last name, personal identification number (OIB), address, ID card number, photograph, other data contained in the ID card;
– contact data such as e-mail address, phone number (mobile and/or landline);
– banking data such as: IBAN, bank name; type of card, etc.;
– data on other persons – opposing parties and attorneys, witnesses, experts, officials conducting proceedings, employees of courts and other state authorities, notaries public and similar, which are necessary for initiating and conducting proceedings before competent authorities, or generally for representation or providing other forms of legal assistance; the content of your inquiries and our responses, documentation you have made available to us, file notes (court and out-of-court), documentation of our services, evidence of services provided, cost calculations;
– as well as all other data you provide to the Office before or during the provision of legal assistance that are necessary for providing legal assistance;
– special category of personal data: may include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data, data concerning health, data concerning sex life, data concerning sexual orientation.
Purposes of processing:
a) legal services: The Office may process your personal data based on the Attorney Act, a granted power of attorney, a concluded contract, or a decision of a competent authority for the purpose of providing legal assistance, in particular for initiating and conducting proceedings before competent authorities, drafting documents, general representation, and legal advice. Therefore, we process your personal data that is necessary to provide legal advice, draft documents (contracts, wills, statements, etc.), represent you before courts and other competent institutions, as well as in out-of-court representation, all for the purpose of protecting your rights and legal interests.
The processing of personal data is based on a contractual legal basis (a representation agreement or mandate or power of attorney) under Article 6(1)(a) and (b) of the General Data Protection Regulation. However, taking into account the specific nature of the legal profession, the processing of data is also based on Article 6(1)(d), (e), and (f) of the General Data Protection Regulation.
b) Fulfillment of legal obligations
We process your personal data in order to fulfill our legal obligations as a data controller. In certain cases, the Office is required to process your data in order to comply with legal obligations. Such processing may result from mandatory legal regulations, for example tax, commercial, anti-money laundering, criminal regulations and similar, that is, as a result of state supervision and control and the statutory obligation to provide data.
The processing is based on Article 6(1)(c) of the General Data Protection Regulation.
5.2. Data subject category – request for exercising rights:
– e-mail address, first name, last name, phone number (mobile and/or landline);
– if necessary, a copy of an identification document (solely for the purpose of establishing the identity of the data subject).
Purpose of processing personal data: legitimate interest – responding to your request.
5.3. Business partner category:
– business partners who are natural persons – identification data: first and last name, personal identification number (OIB), etc.; contact data: address, phone number, mobile number, etc.; banking data such as: IBAN, bank name; type of card, etc.;
– contact person of a business partner – identification data: first and last name, etc.; contact data: address, phone number, mobile number, etc.; data related to the position with the business partner (position, department, etc.).
Purpose of processing personal data: personal data are processed for the purpose of exercising rights and obligations arising from contracts concluded with business partners, in particular for issuing invoices for services provided. Certain personal data may also be processed if this is necessary to comply with the legal obligations of the data controller. Personal data may also be processed for the purposes of the legitimate interests of the data controller, for example: business communication, keeping records of business partners, and assessing mutual cooperation.
6. Delivery of personal data
You are not obliged to provide us with your personal data. However, the provision of personal data is mostly necessary for the performance of our legal services or the contract, therefore we must point out that without the provision of personal data (depending on each individual case) we will not be able to provide you with complete legal advisory and representation services.
7. Sources
We collect your personal data, in addition to those you have provided to us personally, if there is a need for this, exclusively for the purpose of protecting your rights and legal interests as our client, also from competent state institutions and third parties.
When we collect data about persons who are not our clients, we collect them based on your statements or based on legal authorizations contained in special laws, or based on access to publicly available registers.
8. Recipients
Access to your personal data may be given to attorneys, trainee attorneys, as well as other employees of the Office responsible for accounting, mail dispatch, and administration.
Access to your personal data may be given to external recipients only if this is necessary for the performance of our legal service or if this results from a mandatory legal regulation.
External recipients may be:
– competent state authorities (such as the Croatian Pension Insurance Institute and the Croatian Health Insurance Fund, the Tax Administration, courts, FINA, the Ministry of the Interior, etc.);
– providers of accounting and similar services to the data controller;
– providers of IT support services to the data controller;
– related persons of the data controller;
– banks, credit and financial institutions and similar;
– notaries public; opposing parties, representatives of opposing parties, and employers of opposing parties;
– experts, court interpreters, and translators;
– third parties in relation to whom there is a legal obligation to provide the data subject’s personal data;
– other third parties for the purpose of achieving interests related to the purpose of providing legal assistance or achieving a legitimate interest.
In the event of a possible transfer of personal data outside the Republic of Croatia, we will take the necessary measures to protect your personal data in order to ensure that the third party to whom your personal data are transferred provides the same level of protection of your personal data as that in the Republic of Croatia. At any time, you may obtain information from the Office whether your personal data are transferred outside the Republic of Croatia, as well as about the protection measures taken, at the contact details listed below.
9. Storage period
a) We are obliged, in accordance with Article 11 paragraph 2 of the Attorney Act, to keep the personal data referred to in point 5.1 for ten years from the final conclusion of the proceedings. However, if enforcement proceedings based on a final and enforceable judgment are ongoing, proceedings based on extraordinary legal remedies, protection of your rights before the Constitutional Court of the Republic of Croatia and/or the European Court of Human Rights, etc., then we keep your data for an additional ten years, calculated from the day on which all legal remedies have been exhausted for the purpose of protecting your rights and legal interests.
An exception to the above are documents (wills, contracts, etc.) that you have entrusted to us for safekeeping, which we keep based on your instruction until you collect them.
Taking into account the specific nature of the legal profession, as data controllers we may, in individual cases and depending on special circumstances, determine a longer storage period of files for the purpose of protecting legitimate and legal interests.
If mandatory legal regulations require a longer storage period, your data will be deleted after the expiry of the additional statutory periods.
b) We keep the personal data referred to in points 5.2 and 5.3 for at least five years, except in the case of exercising or defending legal claims or if a mandatory legal regulation does not prescribe a longer retention period.
10. Web cookies
We use cookies that are exclusively necessary for the proper display and operation of this website, and we do not collect your personal data through cookies.
11. Rights that belong to you:
Right of access – you may request confirmation whether your data are being processed, for what purpose, and to what extent.
Right to rectification – if we process your personal data that are inaccurate or incomplete.
Right to erasure – you may request the erasure of your personal data if the purpose for which they were collected no longer exists, if the processing is unlawful, if the processing disproportionately interferes with your protected legitimate interests, or if the processing of data is based on your consent which you have withdrawn.
However, it is necessary to take into account the possible existence of other reasons that may be contrary to the complete erasure of your personal data, for example storage that is expressly prescribed by law, the existence, exercise, or defense of legal claims, and similar.
Right to data portability – the data that you have provided to us and that we process on the basis of your consent or for the performance of a contract, and whose processing is carried out by automated means, will be provided to you at your request in a structured, commonly used, and machine-readable format. If technically feasible, at your request we may transfer them directly to another data controller.
Right to restriction of processing – you have the right to request restriction of the processing of your data:
– if you contest the accuracy of your personal data, for the period that allows us to verify the accuracy of the data;
– if the processing is unlawful, but you have refused erasure and instead request restriction of the processing of the data;
– if your personal data are no longer necessary for the intended purpose, but you still need them for the establishment or defense of legal claims;
– if you have objected to the processing of personal data, pending verification of whether the legitimate grounds of the data controller override your grounds.
Right to object – at any time you may object to the processing of your personal data in accordance with Article 6(1)(f) of the General Data Protection Regulation, that is, if we process your personal data in the public interest or base the processing on the needs of our legitimate interests.
* When exercising your rights, please make sure to provide us with proof on the basis of which we can unquestionably determine your identity (personal identification document).
Right to lodge a complaint – if you believe that, in processing your personal data, we have violated personal data protection regulations and thereby infringed your interests, rights, and freedoms, please contact us so that we can clarify all possible issues.
In addition to contacting us directly, with your objection or complaint you may also contact the supervisory authority for personal data protection in the Republic of Croatia – the Personal Data Protection Agency (AZOP), Martićeva 14, 10000 Zagreb.
12. We will provide you with information on the actions taken no later than within one month from the date of receipt of your request.
If the processing of the request is complex or if there is a large number of requests, this period may be extended by an additional two months, but in that case we will inform you of the reasons for the possible extension of the deadline.
Also, if we are not able to act upon your request, we will inform you of our decision, stating the reasons for such a decision and the possibility of submitting a complaint or appeal to the Personal Data Protection Agency.
In the event that requests are manifestly unfounded or excessive, in particular due to their repetitive nature, we may charge a reasonable fee based on administrative costs or refuse to act on the request.
Please contact us to obtain the request form for exercising rights.
13. Automated processing including profiling
When providing our legal services, automated processing and profiling within the meaning of Article 22 of the General Data Protection Regulation are excluded.
14. Terms and amendments
The Privacy Policy may be amended without prior notice, in particular in the event of changes in legal requirements and for the purpose of compliance.
15. For the exercise of your rights and all additional questions, please contact us:
Contact details of the data controller:
Law firm Bišćan i Dlačić
Attorney Igor Dlačić or Attorney Zoran Bišćan
Petrinjska 31, 10000 Zagreb
OIB: 17630841039
Tel: +385 1 4880235
Mob: +385 91 3636 217
Email: office@obidlegal.hr
Web: www.obidlegal.hr
Zagreb, 02.05.2025.