Privacy Rules

About Privacy Rules

These Privacy Rules (hereinafter: Rules) explain the procedure implemented by the Croatian Financial Services Supervisory Agency, Franje Račkoga 6, 10 000 Zagreb, personal identification number (OIB): 49376181407, (hereinafter: Croatian Financial Services Supervisory Agency) to collect, use and manage your personal data found on its website and available to the Croatian Financial Services Supervisory Agency by using the website /www.hanfa.hr/.    

The Croatian Financial Services Supervisory Agency is committed to protecting and respecting your privacy. Read these Rule thoroughly in order to understand why and how we collect your personal data and how they will be used. As regards the personal data we collect, the Croatian Financial Services Supervisory Agency is the data controller and it determines the purposes for which and the means by which personal data is processed.

The Croatian Financial Services Supervisory Agency, as the provider of services of the website www.hanfa.hr, is dedicated to protecting the privacy of personal data.

Should you wish to contact us regarding these Rules or regarding your personal data, please use the following contact data:

Croatian Financial Services Supervisory Agency

Franje Račkoga 6

10 000 Zagreb

OIB: 49376181407

Our data protection officer is available at: privatnost@hanfa.hr

How and when do we collect your personal data?

The Croatian Financial Services Supervisory Agency collects personal data for the purpose of improving our business performance and your user experience.

The Croatian Financial Services Supervisory Agency processes personal data when their processing is necessary for the performance of our tasks carried out in the public interest, the exercise of our official authority and the compliance with our legal obligations pursuant to laws and other regulations of the Republic of Croatia and the law of the European Union.

The Croatian Financial Services Supervisory Agency processes personal data only to the extent necessary to achieve the legal purpose of the processing.

Your personal data are treated as confidential data, and are protected properly by the Croatian Financial Services Supervisory Agency and/or our reliable partners.

Which data do we collect directly from you?

When the user engages in specific activities on www.hanfa.hr and/or when you wish to send us your CV, the Croatian Financial Services Supervisory Agency may request the user to provide certain additional personal data. In this case, prior to providing their personal data, the user is obliged to analyse these Rules and accept their application with respect to the additional data.

Depending on the type of activity, some of the data requested are defined as mandatory, and some as optional. In the case where the user does not wish to provide mandatory data for the activity requiring them, they will not be allowed to engage in that activity.

The Croatian Financial Services Supervisory Agency collects and uses personal data in order to enable users to engage in activities on www.hanfa.hr and improve the functioning of this website. Furthermore, personal data may be used to resolve certain issues, perform administrative tasks and establish contact with users (in the case where you contact us by email of telephone).

On www.hanfa.hr, the Croatian Financial Services Supervisory Agency collects personal data of data subjects such as name, surname, email address or other contact data, place of work and IP address.  

In addition to information on these personal data that we collect from users of our website and process, the following text provides information on other types of personal data, including the purpose of their collection and use, that we collect and process while performing our regular tasks related to the registered activities of the Croatian Financial Services Supervisory Agency: 

  • The Croatian Financial Services Supervisory Agency collects and processes personal data from its employees and associates for the purpose of performing employment contracts signed with the employees, and advisory contracts and/or service contracts signed with the associates, relating to HR, administrative or other business/contractual purposes. In the latter case we collect and process data such as name, surname, gender; marital status, citizenship, place of permanent residence, date and place of birth, personal identification number; occupation, academic title, data on professional development and trainings, data on health insurance, work experience; account number (IBAN), photograph and signature.  
  • For the purpose of fulfilling contractual obligations, we collect and process the following data from legal persons: name and surname of responsible persons in legal persons; contact data on persons in charge for communication and fulfilling contractual obligations; academic and professional qualifications of responsible persons in legal persons and signatures of responsible persons.
  • For the purpose of potential employment, the following data may be collected and processed by the Croatian Financial Services Supervisory Agency from job candidates; name, surname, address, contact data (email address, fixed telephone number, cell phone number), photograph, level of education, citizenship, occupation and academic title, data on previous work experience, data on professional development and trainings and results of tests which may point to the capability of candidates to carry out all tasks required by the position they are applying for.

While fulfilling their tasks, the following persons may have access to personal data: legal persons participating in implementing legal relationships with users such as IT support and other companies related to the Croatian Financial Services Supervisory Agency, and public authorities demanding the submission of personal data in accordance with regulations the Croatian Financial Services Supervisory Agency is subject to; in this respect the Croatian Financial Services Supervisory Agency keeps prescribed records on processing activities. 

What are your privacy rights?

The Croatian Financial Services Supervisory Agency acknowledges that all users need to have the opportunity to ensure the accuracy, completeness and timeliness of their personal data. In the case where users find that their personal data are incomplete, inaccurate or out-of-date, they can contact the Croatian Financial Services Supervisory Agency by sending an email to privatnost@hanfa.hr.    

Please bear in mind that you are entitled to require, at any time, the following from the Croatian Financial Services Supervisory Agency:

access to your personal data 

Information as to which personal data are used by the Croatian Financial Services Supervisory Agency, including the access to those personal data Information on the purpose of the processing, categories of your personal data we keep, authorities or types of authorities we share your personal data with, time period of keeping your data, and the source of data in cases where data are collected indirectly.

Should you wish to obtain a copy of some or all of your personal data we keep, feel free to contact us

rectification of incorrect data

We want your personal data to be accurate and up-to-date. You can ask us to rectify or erase data you deem to be inaccurate or out-of-date.

erasure of your personal data 

You can ask the Croatian Financial Services Supervisory Agency to cease processing or even to erase your personal data. If we need your personal data in order to meet certain contractual obligations towards you, the Croatian Financial Services Supervisory Agency could cease to be capable of meeting such obligations. Furthermore, if your personal data are required for the purpose of fulfilling certain legal obligations (e.g. tax obligations), your request might be refused.

restriction of access to your data (for us and/or third parties) in certain processes or entirely 

If you want to contest the accuracy of data, or if we no longer need your personal data for processing purposes, but you require them for the establishment, exercise or defence of legal claims; or if you have opposed the processing on grounds we deem legitimate, you have the right to require the restriction of the processing of your personal data.

object to the manner we process your data

Bear in mind that you have the right to object to processing of personal data based on legal grounds that the Croatian Financial Services Supervisory Agency finds legitimate.

transmission of data to another data controller (data portability) 

If the processing is based on your consent or is carried out by automated means, you have the right to request from the Croatian Financial Services Supervisory Agency the transmission of data to another data controller.

In order to exercise any of the previously stated rights, please use the contact data provided at the beginning of the Privacy Rules.

In case of your dissatisfaction with the manner we have collected or used your personal data, you can lodge a formal complaint with the Personal Data Protection Agency.

Where are your personal data kept?

We keep your personal data in a secure environment. Your personal data are protected from unauthorised access, disclosure, use, alternation or destruction by any organisation or individual. 

Processed data are stored in our premises and IT systems, while sometimes we store data on our trusted service providers’ servers. 

The Croatian Financial Services Supervisory Agency will ensure that personal data are kept in a secure place (which includes reasonable administrative, technical and physical protection in order to disable unauthorised use, access, disclosure, copying or alternation to personal data), the access to which is available to authorised persons only.

Data collected for the purposes defined in these Rules will be kept for no longer than is necessary the fulfilment of these purposes. Your personal data will not be kept in a form that permits your identification for longer than the Croatian Financial Services Supervisory Agency deems reasonable for the fulfilment of the purposes for which they are collected or processed. The Croatian Financial Services Supervisory Agency will keep certain personal data for the time period prescribed by law, i.e. by the regulation obliging the Croatian Financial Services Supervisory Agency to data storage.

In the case where you have given us your consent, your personal data will be kept until the consent is withdrawn. If you object to the processing of personal data on grounds of the legitimate interest, your personal data will not be processed in the future.

Bear in mind also the following: in the case where judicial, administrative or out-of-court proceedings have been initiated, personal data may be kept until the end of such proceedings, including any periods for exercising the right to a judicial remedy. The Croatian Financial Services Supervisory Agency will keep certain personal data for the time period prescribed by law, i.e. by the regulation obliging the data controller to data storage.

Does the Croatian Financial Services Supervisory Agency exchange data with third parties?

We care about privacy protection; therefore, we will never share your personal data with any third parties except for the purposes described in these Rules. 

The Croatian Financial Services Supervisory Agency cooperates with other companies. That means that sometimes we share your personal data, by using secure IT systems. When we do so, data are transferred to servers located in the EU or in a country that ensures an adequate level of protection in accordance with EU law.

As a data controller, the Croatian Financial Services Supervisory Agency may transfer personal data outside the EU if they are necessary for the performance of contracts between the Croatian Financial Services Supervisory Agency and a data processor and/or another data controller, or for the fulfilment of legal obligations. In the latter case, the Croatian Financial Services Supervisory Agency transfers personal data only to countries that provide an adequate level of protection by using contract models that contain binding corporate provisions or binding corporate rules; or in accordance with approved certification mechanisms and/or privacy framework when transferring personal data from the EU and Switzerland to the USA.

Furthermore, your personal information may be given to our reliable partners that maintain our IT system or provide services on behalf of the Croatian Financial Services Supervisory Agency. However, these service providers are obliged, pursuant to relevant contracts, to use the data they are entrusted with only in accordance with our guidelines and exclusively for the purpose we have strictly defined. In addition, we oblige them to protect your data in an adequate manner and to consider them a professional secret.

How long will the Croatian Financial Services Supervisory Agency keep your personal data?

The Croatian Financial Services Supervisory Agency will not keep your personal data longer than necessary for the fulfilment of the purpose of their use.

Being a producer of official statistics and creator of archives and current records, the Croatian Financial Services Supervisory Agency stores personal data for longer periods for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes, subject to the application of appropriate safeguard measures.

Personal data retention periods are prescribed by an internal ordinance governing the protection and processing of archives and current records of the Croatian Financial Services Supervisory Agency.

In the case where data collected are not covered by the above-mentioned ordinance, they will be kept for a maximum period of 5 years and 30 days.

What will we use your data for?

We can use your personal data for several purposes, mostly for fulfilling our contractual and other obligations towards you, but sometimes also for improving your user experience or for security reasons.

Cookies

In order to maintain our website and ensure that its functionalities remain at an adequate level, the Croatian Financial Services Supervisory Agency uses a technology known as cookies. 

Cookies are small text files that we send to your computer and that we can access afterwards. They can be session cookies or persistent cookies. Thanks to cookies, you can search our website without difficulty and obtain the results relevant for you. Cookies show us what you and other visitors of our website are interested in and help us improve it.

Read more on cookies in the Cookie Policy.

Other websites

These Privacy Rules apply only to the use of data collected by the Croatian Financial Services Supervisory Agency from users. Other websites that can be accessed through the website www.hanfa.hr contain their own statements of confidentiality and data collection, as well as manners of their use and disclosure.

The Croatian Financial Services Supervisory Agency is not responsible for privacy policies of third parties.

The Croatian Financial Services Supervisory Agency collects and processes personal date through user interaction on LinkedIn. The Croatian Financial Services Supervisory Agency or responsible persons appointed by the Croatian Financial Services Supervisory Agency have access to messages and/or posts on these social networks; however, personal data collected in this manner, in particular those contained in messages, are not stored by the Croatian Financial Services Supervisory Agency, nor are they processed unless for the purposes defined in these Rules.

The Croatian Financial Services Supervisory Agency has its business profile on LinkedIn; their Privacy Rules, statements of confidentiality and a description of how they use your personal data are available at:

LINKEDIN ONLINE      https://www.linkedin.com/legal/privacy-policy

Should you have any questions regarding the collection and use of data by LinkedIn or should you wish to exercise any of your rights guaranteed by the General Data Protection Regulation, please contact:

FOR LINKEDIN:

LinkedIn Ireland Unlimited Company, Wilton Plaza,

Wilton Place, Dublin 2, Ireland  

Data protection officer contact data:    https://www.linkedin.com/legal/privacy-policy

                                                             https://www.linkedin.com/help/linkedin/ask/TSO-DPO 

Should you be dissatisfied with the manner your personal data are collected and processed, you can contact the lead supervisory authority for LinkedIn, Irish data protection commissioner or Croatian Personal Data Protection Agency.

Entry into force of and amendments to the Privacy Rules

These Rules enter into force on the day of its publication on our website.

The Croatian Financial Services Supervisory Agency reserves the right to amend the Privacy Rules and will publish any such amendments on its website.