Home | 

Data protection

Data protection

Information according to Art. 13 and 14 GDPR

Introduction

TPA Croatia, comprising TPA d.o.o, za savjetovanje, TPA Audit d.o.o. za reviziju and TPA savjetovanje Huzanić d.o.o. za porezno savjetništvo (hereinafter: TPA Croatia or the Group), pays particular attention to the protection of personal data and privacy (hereinafter: privacy protection) of its member companies, its clients, seminar attendees, professional workshops, recipients of news and other events organized by TPA Croatia, suppliers, members of the management board and employees of TPA Croatia (hereinafter: Users) in accordance with the General Data Protection Regulation (EU 2016/679) (hereinafter: the Regulation), applicable regulations, best practices and internationally accepted standards, in accordance with the business and security requirements of TPA Croatia, as well as the rules of the TPA Group (of which TPA Croatia is a member). The protection of privacy of TPA Croatia Users is part of the Group’s operation and an important factor in the user experience.

1. About the Personal Data Protection Policy

What is the TPA Croatia Personal Data Protection Policy and why is it being adopted?

With the TPA Croatia personal data protection policy, we want to provide Users with clear information in one place and transparently about the processing and protection of their personal data by TPA Croatia, as well as enable simple monitoring and management of their personal data and consents.

The Policy does not reduce the rights or establish obligations of Users in relation to the processing of personal data, which Users have on the basis of applicable regulations and possible contractual provisions on the protection of personal data.

The Policy is a unilateral legally binding act of TPA Croatia and describes the purpose and objectives of collecting, processing and managing personal data of TPA Croatia, which is based on leading global practices in the field of personal data protection. The Policy ensures an adequate level of data protection in accordance with the Regulation and other applicable laws related to the protection of personal data.

The Policy applies to all TPA Croatia web pages and domains and to all TPA Croatia services that include the processing of personal data (e.g. seminars, professional workshops, delivery of professional news, etc.). It primarily applies to natural persons who apply for TPA Croatia services or use TPA Croatia services. However, taking into account the legitimate interests of Users who are legal entities, the Policy also applies to legal entities in an appropriate manner, in accordance with applicable regulations.

The aim of the Policy is to establish appropriate processes for protecting and managing the personal data of Users and other persons whose personal data is processed.

By submitting your information, you consent to contact us and thereby grant us the right to process your personal data in accordance with the specified purpose. The protection of privacy of your data is permanent.

2. Application

The Policy applies to all personal data of Users or Potential Users of TPA Croatia that TPA Croatia collects, uses, or otherwise processes, directly or through its partners. Personal data is any data relating to a natural person whose identity is identified or can be identified, directly or indirectly (hereinafter: data or personal data). Data processing is any operation performed on personal data, such as collection, recording, storage, use, transfer of personal data and access to personal data.

The Policy does not apply to anonymous data. Anonymous data is data that has been altered in such a way that it cannot be linked to a specific natural person or cannot be linked without disproportionate effort and is therefore not considered personal data under applicable regulations. TPA Croatia applies the best European practice of data anonymization.

The Policy applies to all TPA Croatia services that involve the processing of personal data. The User’s last expression of will regarding the processing of certain personal data applies to the processing of such data.

The Policy primarily applies to natural persons who apply for or use TPA Croatia services (hereinafter: Users) and/or are interested in using TPA Croatia services (hereinafter: Potential Users) or provide TPA Croatia services.

However, taking into account the legitimate interests of Users who are legal entities, the Policy shall apply appropriately, in accordance with applicable regulations, to legal entities. In order to avoid ambiguity, the Policy shall in any case apply in its entirety to employees of legal entities of Users of TPA Croatia.  

3. Principles of personal data processing

3.1. Confidence

Our aim is to be a reliable partner for Users in protecting their privacy and justifying the trust they have placed in us. We also wish to be completely transparent and clear regarding the processing of Users’ personal data. This is, among other things, the purpose of this Policy, and in particular through the active role of Users in data management. Users can always contact us with a request to change personal data relating to them or to express their will about the purposes for which they want or do not want their data to be processed, as well as to exercise all other rights in relation to their personal data.

3.2. Legality and best practice

When processing personal data, we act in accordance with the law, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR) and the Act on the Implementation of the General Data Protection Regulation (OG 42/18), but we always strive to apply higher standards and best European practice.

3.3. Limited purpose of processing

We collect and process personal data only for a specific and lawful purpose and do not further process them in a way that is inconsistent with the purpose for which they were collected, unless otherwise prescribed by law or on the basis of the User’s consent. Please note that we do not offer, exchange or sell personal data of Users or Potential Users.

3.4. Data reduction

We always use only the User’s data that is appropriate and necessary to achieve a specific legitimate purpose, and no more data than that.

3.5. Processing in an anonymous form

Whenever possible and justified, we use data in anonymous form. Data in an unnamed form are primarily anonymous data. However, whenever it is possible and justified, especially for the protection of the User’s personal data, we pseudonymize personal data, i.e. we “mask” them with special pseudonymization procedures (e.g. substitution, hashing, etc.) in such a way that they cannot be connected to an individual User without the use of additional information that is kept securely and separately (e.g. the use of a key).

3.6. Integrity and confidentiality

We process personal data securely, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage (e.g. only authorized persons who need it to perform their jobs, and not other employees, have access to the User’s personal data).

3.7. Quality of personal data

We attach great importance to the quality of the data we process. The personal data we process must be accurate, complete and up-to-date in order to ensure maximum protection of the User’s data and prevent possible misuse. Therefore, it is important to us that the User informs us of any changes to the data immediately or as soon as possible.

3.8. Limited storage time

We store and process the User’s data only as long as it is necessary for the execution of a specific legitimate purpose, unless the applicable regulations provide for a longer or shorter storage time for a particular purpose or in other cases expressly prescribed by law. After that, the data is permanently deleted or made anonymous.

In general, we store data in accordance with regulatory requirements and best practices, for the sake of consumer safety, protection and preservation of the integrity of TPA Croatia standards, etc. The duration of data storage depends on the nature of the data and is subject to change.

In accordance with the above principles, the User’s data will be accessed by TPA Croatia employees depending on their authorizations and positions, in order to successfully fulfill the tasks defined for their position. TPA Croatia will also forward the User’s data to other economic entities or state institutions in cases where there is a legal basis for doing so.

4. How we collect personal data

TPA collects User data (hereinafter: data) in several ways:

  1. We collect data primarily directly from the User or Potential User, in a way that they submit it to us independently. The most common example of this method of collecting data is submitting a request for a particular service, where the User, if he wants to use a particular service, provides data and documents that are necessary for identification (e.g. name, surname, address, copy of documents, OIB, etc.). We also collect data during communication between TPA Croatia and the User via telephone, e-mail, user pages and contact forms on the website or in other adequate and verified ways, etc. The data collected in this way is used for the purpose of fulfilling the User’s request.
  2. We collect data that is generated automatically when the User uses TPA Croatia services.
  3. We collect data from publicly available sources such as, for example, data from publicly published registers, public telephone directories, publicly available services, commercial services or publicly available numbering.

A prerequisite for any collection of personal data of the User is the existence of an appropriate legal basis based on law.

             

5. Types of personal data we collect

Depending on the contracted service, the User’s consent, and the purpose for which the individual data is used, TPA Croatia is authorized to collect the types of User data listed below. We always collect only the data that is necessary to achieve a specific legitimate purpose.

TPA Croatia does not process data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or sexual orientation of an individual. TPA Croatia also does not process special categories of data or personal data relating to criminal convictions and offences.

5.1. Contractual data

Contractual data in a broader sense includes the so-called master data, i.e. data provided by the User for the purposes of concluding and executing the contract (e.g. name and surname, date of birth, postal address, contact details). Contractual data also includes data on the TPA Croatia services that the User uses or has used, as well as data on the method and history of payment for TPA Croatia services (e.g. amounts owed).

5.2. User communication with TPA Croatia

The User’s communication with TPA Croatia includes, for example, written or electronic communication between the User and TPA Croatia, communication with TPA Croatia on social networks, the User’s preferred channels of communication with TPA Croatia, etc.

5.3. Data about Potential Users

This data includes personal data, in particular contact data (e.g. name and surname, e-mail address), but also the interests of the Potential User in the services of TPA Croatia. As a rule, TPA Croatia will record the data of those Potential Users who contact TPA Croatia with the desire for TPA Croatia to inform them and/or offer them certain services. Data about Potential Users is deleted after 5 years or, at the request of the Potential User, earlier, with the exception of when we keep the data longer due to legal obligations (e.g. in the event of a dispute).

6. Purposes for which we use the collected personal data

In order for TPA Croatia to be able to provide a service to the User, and in accordance with the laws listed below, it is necessary to process the minimum set of data necessary for the quality provision of a particular service. Otherwise, if the User refuses to provide the requested set of data, TPA Croatia will not be able to provide the service.

Accordingly, the User’s personal data is processed when one of the conditions listed below is met.

6.1. Contract execution

The legal basis for data processing for this purpose is the necessity for the execution of the User’s contract or taking measures at the User’s request before concluding the contract. In the event that the User does not wish to provide the necessary information for the purpose of concluding and executing the contract, TPA Croatia will not be able to conclude the contract and/or perform certain actions related to the execution of the contract.

6.2. Legitimate interest

Furthermore, TPA Croatia uses certain User data exclusively for its own records and for the purpose of protecting the User’s legitimate interests, except when these interests are overridden by the interests or fundamental rights and freedoms of the User that require the protection of personal data. This includes, for example, the use of User data to prevent, detect and prosecute abuse to the detriment of the User, to ensure the safety of employees, Users, and TPA Croatia services, to create services and offers that meet the needs and wishes of the User, to ensure a superior user experience, personalized customer support, to optimize the electronic communications network, etc.

The legal basis for processing data for this purpose is the legitimate interest of TPA Croatia, unless such interest is overridden by the interests or fundamental rights and freedoms of the User which require the protection of the User’s data and/or the legal basis for the protection of the vital interests of the User or another natural person. Exceptional cases are those specified in Article 7 of the Policy when the legal basis is consent.

6.3. Direct promotion of services and products

TPA Croatia may use the User’s contact information to send notifications about all TPA Croatia services and products through all marketing channels, unless the User specifies otherwise. The User may at any time declare that they no longer wishes to receive marketing notifications. In such a case, the User’s data will no longer be processed for direct marketing purposes. TPA Croatia will send the User promotional notifications about the services and products of third parties (partners) only with their consent.

The legal basis for processing data for this purpose is the legitimate interest of TPA Croatia from the contractual relationship, unless such interest is overridden by the interests or fundamental rights and freedoms of the User which require the protection of data. Exceptional cases are those specified in Article 7 of the Policy when the legal basis is consent.

6.4. Fulfilling legal obligations and performing tasks in the public interest

Based on a written request arising from applicable regulations, TPA Croatia is required to provide or provide access to certain personal data of the User to the competent state authorities (e.g. Tax Administration, courts, police, AZOP, FINA, CBS, etc.).

The legal basis for processing data for this purpose is the fulfillment of TPA Croatia’s legal obligations, as well as the performance of tasks carried out in the public interest.

  1. What are Consents?

Consent is a voluntary, specific, informed and unambiguous expression of the User’s wishes by which he/she, by a statement or clear affirmative action, gives consent to the processing of personal data relating to him/her (so-called opt-in ). Consent can be given in writing or in another appropriate manner (examples of consent can be found at https://www.tpa-group.hr/zastitaprivatnosti). Consent can be given and withheld free of charge at any time. Consent is not necessary for all data processing.

Without the User’s consent:

  • we will never use the following User data for any purpose other than the execution of the contract itself, i.e. providing the service, preventing abuse, normal use of TPA Croatia services or fulfilling TPA Croatia’s legal obligations;
  • we will never send the User promotional messages from third parties;
  • we will never process User data in other cases where consent is required under applicable regulations.

The User has the right to change their consent or withdraw their right to the processing of personal data at any time. The request can be submitted in the following ways:

– via e-mail to the address gdpr@tpa-group.hr ,

– by mail to the address TPA Croatia, Josipa Marohnića 1/1, 10000 Zagreb,

– or in person at the TPA Croatia office.

The request will be processed no later than 48 hours from receipt, provided that the User’s identity is clearly established. The User will receive confirmation via e-mail or other selected channel of the successful modification or withdrawal of consent.

To confirm the identity when sending the request, the User should submit their basic information (name, surname, e-mail address or other contact information that matches the information in our records).

Consents that are withdrawn are recorded in our system to ensure compliance with GDPR and to prevent any further processing based on the withdrawn consent.

8. Website terms of use

Terms of use of materials from the website

The stated terms of use of written materials, service lists and materials from the TPA Croatia website are rules that must be adhered to by all Users. Any use of www.tpa-group.hr is subject to the conditions stated.

All content published on www.tpa-group.hr is the property of TPA Croatia and may only be used for private and non-commercial purposes and may not be copied, reproduced or distributed in any way without the express written consent of TPA Croatia. Any unauthorized possession and search without the consent of the author is subject to legal sanctions.

TPA Croatia will make every effort to ensure that the website www.tpa-group.hr keeps it fully functional and that all published information is accurate and complete, but is not responsible for occasional non-functioning of pages, eventual inaccuracy of information, as well as for any damage caused by the use of incorrect or incomplete information or the inability to access information.

Website www.tpa-group.hr is accessed via the Internet. The Internet is a global computer network that TPA Croatia does not directly control, but is connected to, and therefore cannot guarantee the availability of services and information.

TPA Croatia reserves the right to change any content published on www.tpa-group.hr at any time and without prior notice.

The above conditions apply to several segments:

Data security

For the security of data at this address and to ensure that the service is accessible to all Users, the computer system uses software programs that monitor network visits and recognize unauthorized attempts to send or change data, as well as those that could cause damage in some other way. Unauthorized attempts to upload or modify data on this site are strictly prohibited.

Data confidentiality

When visiting the site, your personal information remains confidential, unless you wish to disclose it voluntarily. We undertake not to provide the information we have received to other parties, unless there is a legal basis for doing so.

Server statistics

Our global network server uses statistical software programs for network management, which are also used to manage these sites. These programs are a standard feature of all web servers and are not specific to our sites. Such statistical programs allow us to determine the information that is of most or least interest to our Users, what browser should be installed, how effective our site structure is, and how our pages are being visited.

Sending messages by email

When the User sends an e-mail (e-mail) to TPA Croatia with personally identifiable information, via an e-mail message with a question or comment, TPA Croatia uses this information to fulfill the User’s requests. In the event that the User does not wish to provide their personal information, TPA Croatia will not be able to process the User’s request. TPA Croatia may forward the User’s e-mail to other employees who can better answer the User’s questions.

Your data will be kept for as long as necessary to process your request and will be deleted after 5 years, with the exception of when we keep the data longer due to legal obligations (e.g. in the event of a dispute).

9. Cookies

Website www.tpa-group.hr uses so-called “cookies in order to provide the User with a free service with full functionality and the highest quality content. Cookies represent a set of data generated by the website server and saved by the web browser on the User’s disk in the form of a small text file with certain User data (e.g. IP address from which the website is accessed, connection time, etc.).

Types of cookies

The website www.tpa-group.hr ​uses the following cookies:

  • Temporary cookies (Session cookies) – are placed on the computer of the User of the website tpa-group.hr only for the duration of his visit to this website and thus enables the User to use the website www.tpa-group.hr more efficiently and are automatically deleted when the browser is closed.
  • Permanent cookies (Persistent cookies) – these are cookies that will remain “recorded” in the User’s internet browser until they expire or the User manually deletes them. The information collected is anonymous and does not include the User’s personal data.

Why allow the use of cookies?

TPA Croatia uses cookies:

  • to provide a better user experience;
  • to monitor and analyze the use and traffic of our website;
  • for the proper functioning of the pages (in cases where this is necessary).

Detailed information about the cookies used by a particular website is provided to the User immediately upon first visiting the website. Based on this information, the User grants or denies their consent to the use of cookies when visiting the website. The User of the website www.tpa-group.hr can always independently regulate the receipt of cookies through their web browser settings. TPA Croatia excludes any liability for any loss of functionality and/or quality of the content of the website www.tpa-group.hr in all cases of choosing to regulate the receipt of cookies by the User.

TPA Croatia is not responsible for cookies of other websites that are not owned by TPA Croatia. TPA Croatia will link information about the User obtained through cookies with other data about the User in order to better understand the User’s needs and provide a better User experience, only based on the consent obtained from the User.

What if the User does not accept cookies?

If the User does not accept cookies, it is possible that certain features of this website will not be displayed or work properly. This will limit the possibilities offered to the User by the TPA Croatia website and could affect the design and user experience.

Website statistics

The website www.tpa-group.hr monitors statistical traffic solely to obtain the necessary information about the attractiveness and success of its pages on the market, and a third-party service called Google Analytics is used for this purpose. Detailed third-party information about this service, as well as the options for Users of the website www.tpa-group.hrregarding the regulation of cookies that are necessary for the same, is available at: https://app.consentmanager.net/cookies_result.php?s=4&r=b3c1f70a&i=543518&o=1737915440&setlang=2

Other

By using the website www.tpa-group.hr, the User is deemed to be familiar with these terms of use at all times, including the provisions on data processing and options regarding cookies.

TPA Croatia reserves the right to change the content of these web pages and will not be responsible for any possible consequences arising from such changes.

10. How we protect personal data

TPA Croatia uses various technical and organizational measures to protect User data from unauthorized access by persons inside and outside TPA Croatia, alteration, loss, theft and any other data violations and misuse. Technical measures include data encryption in transmission and storage, access control using authentication (such as two-factor authentication) and regular security checks. Organizational measures include limiting data access only to authorized persons, training employees on data protection rules and regular internal audits of the protection system. Data is protected regardless of whether it is stored in electronic or paper form, with special emphasis on secure archiving and destruction of data after the retention period has expired. TPA Croatia uses advanced security tools to monitor and prevent data leaks, as well as to monitor critical systems. These measures include, among others, the following:

  • TPA Croatia services, before being offered to Users, meet security and data protection requirements (so-called privacy by design and security by design). Also, the User’s personal data is stored in accordance with TPA Croatia’s internal security standards, and TPA Croatia continuously takes significant organizational and technical measures to protect the User’s personal and all other data. Where applicable, TPA Croatia applies cryptographic data protection methods and continuously works to improve security measures. In addition, advanced tools are used to protect and prevent data leaks, and critical systems within TPA Croatia are monitored;
  • concluding agreements on the protection of the User’s personal data with all so-called subcontractors;
  • implementation of all protection measures on systems where User data is stored. TPA Croatia does not allow unauthorized collection, processing or use of personal data. The rule of limiting data access to only those data that are necessary for performing individual business tasks is applied. Accordingly, roles and responsibilities are clearly defined. Employees are strictly prohibited from using User personal data for any purpose that is not in accordance with the conditions defined in Article 6;
  • conducting regular checks of security measures and personal data protection measures. Personal data is protected from unauthorized access, use, modification and loss. Protection mechanisms apply to personal data regardless of the form in which it is stored – paper or electronic;
  • continuous employee education;
  • the existence of special organizational units within TPA Croatia that deal only with the protection and security of User data, as well as the functions of the Personal Data Protection Officer;
  • TPA Croatia does everything in its power to ensure that all redirects from the TPA Croatia website point to websites that do not contain illegal and/or harmful content. However, pages and addresses on the network change quickly and TPA Croatia cannot always guarantee the content of every address it points to. If the User has any questions or doubts regarding his experience with the TPA Croatia website and services, he should contact the TPA Croatia office.

11. Where personal data is processed

TPA Croatia generally processes the User’s personal data in the Republic of Croatia. Exceptionally, it also processes it in other countries (e.g. when a subcontractor from another country is hired to provide a specific service or part of a service that includes the processing of personal data), generally in the member states of the European Union.

12. Transfer of personal data to third parties

TPA Croatia does not forward or exchange the User’s personal data with any legal or natural persons (hereinafter: third parties), except in the following cases:

1) Legal obligations – The User’s personal data may be forwarded to competent authorities (e.g. tax authorities, courts, police, Personal Data Protection Agency) based on a written request in accordance with applicable laws.

2) Execution of the contract with the User – Data may be forwarded to third parties when necessary for the provision of the contracted service (e.g. delivery services, banks for payment processing or event organization partners). In such cases, third parties process the data exclusively according to TPA Croatia’s instructions and with the provision of appropriate security measures.

3) Engagement of processors – TPA Croatia may engage external processors (e.g. IT service providers, marketing agencies or auditors) who are contractually obligated to act in accordance with the highest data protection standards and exclusively according to our instructions.

4) Data transfer within the EU/EEA – User data may be transferred within the European Union or the European Economic Area (EEA), where an adequate level of data protection is ensured in accordance with the General Data Protection Regulation (GDPR).

5) Transfer of data outside the EU/EEA – In cases where data is transferred outside the EU/EEA, TPA Croatia ensures appropriate protection measures, including the application of standard contractual clauses approved by the European Commission or cooperation with organizations in countries for which there is a data protection adequacy decision.

Users have the right to request detailed information about transfers of their data to third parties, including the identity of the recipient and the legal basis for the transfer. All information will be available within 30 days of the request.

13. User rights

In addition to the User’s active role in managing consent, i.e. the User’s right to withdraw consent at any time (Articles 7 and 8), the User also has the following active roles, all in accordance with applicable regulations:

  1. right to deletion/unsubscribe: The User has the right to unsubscribe from receiving promotional notifications about TPA Croatia services at any time. Unsubscribe request can be submitted:

– via e- mail to the address gdpr@tpa-group.hr,

– by mail to the address TPA Croatia, Josipa Marohnića 1/1, 10000 Zagreb,

– or via online form available on our website.

The claim will be processed within 7 working days day of receipt, and the User will get confirmation of unsuscribing through the chosen channel.

Unsuscribing from promotional notification does not affect the provision contractual TPA Croatia service.

The User also has the right to object to any other processing of the User’s data based on the so-called legitimate interest of TPA Croatia (so-called opt-out).

  1. right of access: The User has the right to obtain confirmation as to whether his/her personal data is being processed and, if such personal data is being processed, access to such data and information on the purpose of the processing, categories of personal data, recipients or categories of recipients, the envisaged period for which the data will be stored or the criteria used to determine that period, the existence of the User’s rights, and protective measures if the data is transferred to so-called third countries.
  2. right to correction: The User has the right to obtain correction of inaccurate personal data relating to the User. In addition, the User has the obligation to regularly update personal data in the business relationship with TPA Croatia.
  3. right to information: The User has the right at any time to request information about whether their personal data is being processed and for what purpose, who is the data controller, the contact details of the data protection officer, which categories of personal data are being processed, for what period they are processed or stored, who is the source for obtaining their personal data, who are the recipients of their personal data, as well as the right to information about their other rights specified in this Policy.
  4. right to data portability: The User has the right to receive personal data concerning him or her, which they have provided to TPA Croatia, in a structured, commonly used and machine-readable format and has the right, without hindrance from TPA Croatia, to transmit those data to another controller if the processing is based on their consent and if the processing is carried out by automated means. The User has the right to have the data transmitted directly from TPA Croatia to another controller if technically feasible, and this right must not adversely affect the rights and freedoms of others.
  5. right to file a complaint with a supervisory authority: The User has the right, on grounds relating to his or her particular situation, to object at any time to the processing of personal data concerning them. TPA Croatia shall no longer process the personal data unless TPA Croatia demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the User or for the establishment, exercise or defence of legal claims.
  6. right to restriction of processing: The Data Subject also has the right to request from TPA Croatia the right to restriction of processing in the event that they disputes the accuracy of personal data, when they considers the processing to be unlawful and opposes the deletion of personal data and instead requests the restriction of their use, and in the event that the Data Subject has objected to the processing and expects confirmation whether the legitimate reasons of the controller override those of the data subject.
  7. rights related to automated decision-making: The User has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, unless such decision is necessary for entering into or performing a contract between the User and TPA Croatia, if permitted by Union law or the law of a Member State to which TPA Croatia is subject, or based on the User’s explicit consent.

 

The User has the right to request the exercise of any of the above rights at any time. TPA Croatia shall provide the User, upon request, with information on the actions taken in relation to the above rights, no later than 3 months from the receipt of the request (depending on the quantity and complexity of the request) – all requests will be processed and responded to by the Users within 1 month and the deadline will be extended by a maximum of 2 additional months, when necessary. If TPA Croatia does not act upon the User’s request, without delay and no later than one month from the receipt of the request, it shall inform the User of the reasons for non-action. The reasons for non-action shall include the existence of legality of the processing that prevents TPA Croatia from acting.

TPA Croatia takes significant procedural and technological measures to protect the User’s personal data. In addition, all TPA Croatia employees have a duty to notify the responsible persons in the event of an incident related to the protection of personal data, and in the event of a personal data breach, TPA Croatia is obliged to report the incident to the Personal Data Protection Agency within 72 hours of becoming aware of the breach, if feasible.

Also, in the event of a personal data breach that is likely to result in a high risk to the rights and freedoms of individuals, TPA Croatia will notify the User of the breach of their personal data without undue delay.

Exceptionally, TPA Croatia will not notify the User in the event of a personal data breach if at least one of the following conditions is met:

  • TPA Croatia has taken appropriate technical and organizational protection measures and these measures have been applied to the personal data affected by the personal data breach. This particularly applies to those protection measures that make the personal data unintelligible to any person who is not authorized to access them, such as encryption;
  • TPA Croatia has taken subsequent measures to ensure that it is no longer likely to result in a high risk to the rights and freedoms of Users;
  • This would require a disproportionate effort. In such a case, there must be public notification or a similar measure to inform Users in an equally effective manner.

The User has the right to file a complaint with the supervisory authority (Personal Data Protection Agency) in the event of an incident concerning his personal data or if they believe that TPA Croatia is violating their rights defined by the Regulation.

14. Who to contact?

The User can exercise their rights by contacting or submitting an appropriate request to the e-mail address gdpr@tpa-group.hr or the postal address of TPA Croatia, Josipa Marohnića 1/1, 10000 Zagreb, or in another manner provided to the User by TPA Croatia, depending on the type of request.

If the User suspects a violation of their personal data or has any questions about this Policy and/or the protection of personal data by TPA Croatia, they can contact the e-mail address gdpr@tpa-group.hr or the postal address of TPA Croatia, Josipa Marohnića 1/1, 10000 Zagreb.

Also, the User is authorized to file a complaint with the Personal Data Protection Agency.

15. Amendments, supplements and transitional provisions of the Policy

The Policy comes into force and applies to new Users on the day of publication and is available on the website and in the TPA Croatia office. Users will be notified in a timely manner about possible changes and additions to the Policy, including through publication on the TPA Croatia website.

In relation to Users who are the existing Users of TPA Croatia at the time of the first publication of this Policy, the Policy begins to apply from the date of publication of the Policy.

16. Final provisions

This Policy enters into force on the date of adoption, and applies from May 21, 2018.

Zagreb, 10 May 2018

On behalf of TPA Croatia

Bojan Huzanic

___________________________

Contact us

If you have any questions regarding privacy and personal data protection, please contact TPA Croatia:

                        TPA Croatia

                        Josipa Marohnića 1/1, 10000 Zagreb, Croatia

                        Phone: +385/1/6461780

                        Email: gdpr @tpa-group.hr

                        www.tpa-group.hr

Subscribe to Newsletter

Contact

TPA Croatia
Find an expert near me
Linkedin Facebook Youtube

Contact

TPA in Croatia

+385 1 6461 780

office@tpa-group.hr

Address

Josipa Marohnica 1/7

10000 Zagreb

Opening Times

Mo - Fri: 08:00 – 18:00

Links

Social Media

Linkedin Youtube Facebook

© 2025 TPA in Croatia.
All Rights reserved.

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.