IGEA d.o.o. (“Company” or “Controller”) respects your privacy and undertakes to protect the personal data it collects and processes in the course of its business activities. The security of your personal data is of great importance to us, and we undertake to act in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals in connection with the processing of personal data and on the free movement of such data, and on repealing Directive 95/46/EC (“Regulation”) and applicable laws.
The manager of the processing of your personal data is:
Frana Supila 7/B
Phone: 00385(42) 556 700
We have appointed a data protection officer to whom you can contact in relation to all questions, objections, objections, requests or other comments regarding our processing of your personal data at the e-mail address: email@example.com or at the following address:
Law firm Palić i partners j.t.d.
Crvenog križa 33
Phone: 00385(1) 4500 555
Contact form: Link to the form
The controller processes personal data of the following categories of individuals:
In our regular business, we develop and maintain software solutions and services, implement our own and partner software applications, provide software maintenance and customization services, and provide software as a service (SaaS).
As part of regular business, we collect or process the following personal data according to categories of individuals and processing purposes:
Providing personal data is voluntary. If you want to apply to participate in the recruitment competition for the advertised position, we need your personal data that we requested in the application form, that is, that we will collect about you during the further application process and candidate selection for the above-mentioned purpose. However, the consequence of not providing personal data will be your inability to apply for the published advertisement and/or participate in the further selection process.
We collect and process primarily personal data prescribed by valid legal regulations in the field of commercial law, accounting, tax law and the like, as well as the corresponding contracts we conclude with business partners. In principle, these are the following categories of personal data:
We process the above personal data for the following purposes based on our legitimate interest, contracts concluded with business partners or valid legal regulations in the field of commercial law, accounting, tax law and the like:
If we need to process personal data for other purposes, we will inform you separately. For the stated purposes, we can process personal data of individuals using technical means, especially in the context of video surveillance of our business premises and external areas, as well as in the context of monitoring information and communication systems, networks and devices, and in accordance with the procedures and other internal general and individual acts of the Company.
The processing of most of this personal data is prescribed by appropriate legal regulations in the field of commercial law, accounting, tax law, etc., and is therefore binding, that is, you are obliged to provide it to us, and we are obliged to collect and process it in accordance with such regulations. If you do not provide us with such mandatory data, we will not be able to establish a business relationship, or remain in a business (contractual) relationship. Only exceptionally, providing us with certain types of data for certain purposes may be voluntary, i.e. the only consequence of not providing such personal data would be your inability to obtain some additional benefits that we can offer you based on your voluntary and informed consent, which you will be able to withdraw at any time.
Your subscription to the newsletter represents your consent to the processing of your personal data, and the personal data obtained in this way is processed for the purpose of direct promotion and sale of our products or services, with the fact that you will always have the option of simply withdrawing the given consent when receiving each subsequent electronic message.
We process personal data collected in this way solely for the purpose of answering your inquiry.
Sensitive personal data
In some countries, photographs and videos of individuals are considered data on racial or ethnic origin and therefore sensitive data. IGEA will process photographs (eg a copy of an ID card or passport with a photo) and video recordings only to the extent necessary to fulfill the following purposes:
We only carry out legal, fair and transparent processing of personal data that we have collected for special, explicit and legal purposes. In the processing itself, automated processes of applicative processing are mainly applied and, where this is not possible, manual processing of personal data is carried out. IGEA is responsible for processing the collected data. Processing and processing of data is necessary for the provision of contractual services and other legitimate processing purposes and is carried out exclusively for the purpose of fulfilling the aforementioned purposes. IGEA does not carry out extensive processing of special categories of personal data, nor systematic and extensive evaluation of personal aspects based on automated processing or profiling. Also, we do not systematically monitor the publicly accessible area.
As a data controller, we approach the processing of personal data with due care and security, we take care of ensuring the rights of all respondents in accordance with legal regulations and the requests of the respondents, we define retention periods for each purpose of processing, and we will delete all personal data upon termination of the contractual relationship or other applicable regulations. At any time, you can ask us, as the data controller, for information about your personal data that we have, and you can request that this data be changed or updated. Before accessing the data for each request, we will determine the identity of the applicant and the justification of the request itself. If we are legally obliged to reject your request, we will do so and inform you of the reasons.
According to the categories of respondents, IGEA stores personal data for the following periods:
Employment candidates: one year after the end of the competition to which the candidate applied, in order to reduce costs related to re-collection of data in the case of a new application for employment, i.e. 24 months from the date of application through open applications.
Business partners: data on customers, suppliers and business partners are processed and stored for the duration of the contractual business relationship in accordance with legal regulations. Upon expiry of contractual obligations and legal obligations to store data, personal data will be anonymized or deleted.
Site visitors: the data retention period is the same as the duration of your consent, i.e. we keep your data until you ask us to delete the data or withdraw your consent yourself. We store data collected through “cookies” in accordance with the settings of your Internet browser.
When using, i.e. visiting the Site, the server stores certain information in the form of cookies on the visitor’s computer/mobile device. A cookie is a set of data generated by a website server, which the Internet browser saves on the visitor’s disk in the form of a small text file. Cookies are used to recognize visitors during one of their connections and are deleted after that. Cookies cannot be used to launch programs or introduce viruses to the visitor’s computer.
When visiting the Site, the servers use a type of cookie known as a temporary cookie (eng. session based cookie), which is placed on the visitor’s computer only during his visit to the Site and enables him to use these pages more efficiently and expires automatically when he closes his browser.
No phone number, account or payment details of a username or visitor are stored in the cookie and this information cannot be accessed. By using cookies, IGEA does not in any way collect information regarding the use of computers or the browsing of other pages on the Internet by visitors. Given that the cookie is located on the visitor’s computer, IGEA cannot find it if the visitor visits the Site from another computer.
Temporary cookies are standardly used in online applications that must provide the visitor with authorized access to private servers after identification. This solution is conditioned by the technology of creating online applications and is also used by the websites of the igea.hr and in2.hr domains, which require the visitor to set a temporary cookie that is active while using the Site in order to function properly in the browser.
Our authorized personnel will access personal data only in order to be able to perform their work tasks and if it is necessary to achieve the purposes described in this Policy. Business contact information of business partners, such as first and last name, job title, phone number, postal address of the place of work and business e-mail address will be generally available to all our employees for (internal) communication purposes.
We may also need to share personal data with third parties in the context of achieving the purposes described above. These third parties are primarily:
We require service providers and expert advisors who process personal data of individuals in their capacity as processors to apply appropriate measures to protect the confidentiality and security of personal data.
The security of your personal data is extremely important to us. Therefore, we have ensured that your personal data is processed and used in a secure manner and in accordance with applicable legal regulations and standards of practice. We implement appropriate technical, physical and organizational measures to protect data from security risks such as accidental, unauthorized, illegal or otherwise unwanted access to data, its destruction or loss or disclosure, and ensure a level of security that corresponds to the risks of data processing.
Through the international certificate ISO 27001:2013 – Management of information security, the Company ensures an appropriate level of security related to the confidentiality, integrity and availability of all information resources of the company, regardless of possible threats to which they are exposed. The established information security management system defines, implements, monitors, checks, maintains and improves processes and controls related to information security, and is based on risk management.
Some of the above-mentioned categories of persons can be found in the so-called third countries, i.e. countries outside the European Economic Area, with the exception of Switzerland, which are not considered to provide an adequate level of personal data protection. In the case of transferring personal data to recipients in such countries, we will ensure an appropriate level of protection based on appropriate contractual and other mechanisms such as standard contractual clauses adopted by the European Commission.
Data collected by various social network cookies from the United States of America (USA) may be transmitted to their servers, which may be located in the USA. In such a case, the transfer of personal data will be carried out either within the framework of the European-American privacy protection system Privacy Shield.
If you withdraw your consent or object to our processing, your data will not be used in regular processing, which may result in the inability to fully fulfill the service.
If you want to give your consent for processing again, you can do so in the manner described in the first paragraph of this article.
Your rights in relation to our processing of your personal data are:
When exercising your rights to data portability based on this point, you have the right to direct data transfer from one data controller to another if this is legally based and technically feasible.
In case you are not satisfied with our reaction to your complaint, you can always submit a complaint to the national competent authority (AZOP) at the address: Agency for the Protection of Personal Data, Selska cesta 160, 10 000 Zagreb. After submitting the application, IGEA, as the data controller, may no longer process personal data unless we determine and prove that there are compelling legitimate reasons for processing that go beyond the interests, rights and freedoms of the data subject or to establish, exercise or defend legal claims, of which we will inform you.
If you want to exercise any of the above rights, you can contact us with a request to the e-mail address firstname.lastname@example.org, using the form on the link: (link to the form)
Add-ons for connecting to social networks
Our website uses the social network plug-in Facebook offered by Facebook Inc. from the USA. The Facebook plug-in is marked with the Facebook logo or the “Like” or “Share” plug-in. More information about Facebook plugins is available here. When you activate such a plug-in (first click), your browser establishes a direct connection with Facebook’s servers. Plug-in content is sent directly to your browser and embedded in our website. Through such integration, Facebook collects the information that your browser has accessed one of our websites, even if you do not have your own Facebook profile or if you are not currently logged into your Facebook profile. This data (including your IP address) is sent via your browser directly to Facebook’s servers, which may also be located in the USA, and stored there. If you are logged into your Facebook profile when you visit our website, Facebook can directly link your visit to our website with your Facebook profile. If you activate the “Like” button, this data is also sent directly to the Facebook servers and stored there. The data is also published on your Facebook profile and shown to your Facebook friends. If you do not want Facebook to associate data about your visit to our website directly with your profile, you must log out of Facebook before visiting our website. You can find out about the purposes and scope of the collection and further processing and use of data by Facebook, as well as about your rights in this regard and about possible settings to protect your privacy in Facebook’s Data Use Rules.
You can also completely disable Facebook plugins on your browser using the appropriate Facebook blocking plugins.
Our Site uses the LinkedIn social network plug-in offered by LinkedIn Corporation from the USA. You will recognize the plugin by the LinkedIn logo. When you activate such a plugin (first click), your browser establishes a direct connection to LinkedIn’s servers. Plug-in content is sent directly to your browser and embedded in our website. Through such integration, LinkedIn collects information that your browser has accessed one of our websites. This data (including your IP address) is sent via your browser directly to LinkedIn’s servers, which may also be located in the USA, and stored there. If you are logged into your LinkedIn profile when you visit our website, LinkedIn can directly connect your visit to our website with your LinkedIn profile.
You can also completely disable LinkedIn plugins on your browser using the appropriate LinkedIn blocking plugins.
Version 2.0, from 05/21/2021..