By this Privacy Statement MIŠKOVIĆ & MIŠKOVIĆ Law Firm Ltd, Zagreb, Mesnička 15a Croatia, PIN No: 72357889876 (hereinafter: MM or the Data controller) establishes rules of conduct in relation to personal data protection pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: GDPR), the Act on Enforcement of the General Data Protection Regulation (NN 42/2018) and other applicable legal regulations.
Personal data/Data means any information relating to an identified or identifiable natural person.
Data subject is an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing means any operation or set of operations that is performed on Personal data or on sets of Personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
We take Personal data protection seriously both in terms of the GDPR and in terms of the rules of the legal profession and the obligation to maintain attorney-client privilege. We process Personal data legally, fairly and transparently. This means that Data is collected only to the necessary extent, we regularly update our databases and stop processing Data when it is no longer necessary, or when we no longer have the consent of the Data subjects.
As Data controller, we implement organizational, technical and administrative measures ensuring that the Data aren’t unauthorizedly or illegally processed, accidentally lost, destructed or damaged.
MM can process the Personal data in further cases:
- Data of clients we represent;
- Data of persons who contact us by e-mail or otherwise;
- for the purposes of fulfilling our specific legal obligations in connection with the legal profession or our general legal obligations as a business entity;
- job candidate applications;
- applications of candidates within events organized by MM or in which MM participates.
We keep the Data that we are legally obliged to process (name and surname, copy of identity card, address, date of birth, identification number, and citizenship) for the prescribed period. For example, Data that we are required to keep under the Accounting Act are kept for 11 years. Due to the specifics of our profession, we are subject to special regulations as well, for example, according to the Attorney Act we are obliged to keep Data for 10 years, and Data that we are obliged to process under the Money Laundering and Terrorism Financing Prevention Act, 5 or 10 years.
Data that we process on the basis of consent, for example in case when job candidates explicitly agree that we can keep their Data in the future and to contact them for further open positions (name and surname, address, date of birth, e-mail address, telephone number, data on education and workplace, as well as all other relevant data that the person voluntarily provides us, and considers that they are related to the purpose for which they provide them), we keep the Data for the period specified when giving consent or until the withdrawal of consent.
We process certain data based on a legitimate interest (name and surname, address, information about the workplace, e-mail address, telephone number, etc.), for example for the purpose of providing our services. We process this data for the period of legitimate interest.
We sometimes need to share personal information with third parties in order to provide our services.
With our external associates, providers of accounting services, IT infrastructure providers, and other service providers, we have concluded appropriate agreements, to which they are subject to the obligation of confidentiality and lawful handling of Personal data. When external associates act as data processors, we conclude appropriate data processing agreements with them.
We are obliged to disclose some information to the competent authorities when we are obliged in accordance with applicable regulations.
In some cases, we will disclose the information if necessary to protect our interests or interests of some other persons and when legally justified.
There are cases when we can disclose Personal data to third parties only with the consent of Data subjects, for example, for promotional purposes.
Although we make every effort to ensure that all Personal data processing takes place within the European Union, some of the third-party tools we use are provided by non-EU service providers. Under the GDPR, the transfer of Personal data to a third country or international organization is permitted if that third country or the international organization concerned provides an adequate level of protection. Also, there are countries that are not yet covered by the adequacy decision. In such cases, according to the GDPR, we transfer your Data with appropriate safeguards. You have a right to be informed when Data is transferred to the U.S. or any third country not covered by the eligibility decision upon request at email@example.com. We have thoroughly considered all elements of such relationships, concluded written contracts based on standard contractual clauses prescribed by the European Commission, but also take appropriate steps to ensure that our partners implement appropriate complementary measures, safeguards, and policies.
In our work, we implement technical, physical and administrative measures to ensure that Personal data is protected from loss, misuse, unauthorized access, disclosure and alteration.
Our employees and other authorized persons perform their tasks under the legal and contractual obligation of confidentiality.
1. Right of access (GDPR Art. 15) – you have the right to be informed about Data we collected, for what purpose, period of processing and to whom we transfer it, how processing can be limited, etc.;
2. Right to correction (GDPR Art. 16) - in relation to incomplete or inaccurate Data;
3. The right to erasure and forgetting (GDPR Art. 17) - in case we no longer need the Data or you withdraw consent;
4. The right to limit processing (GDPR Art. 18) - if you dispute the accuracy of the Data, if the processing is illegal, if you have objected to the processing, etc.;
5. Right to be informed (GDPR Article 19) – within this Privacy Statement and also on your request, you can obtain information on our identity, contact data, the purposes of the processing and the legal basis for the processing of Data, recipients, Data transfer to third countries, storage period, ability to withdraw consent, etc.
6. Right to Data portability (GDPR Art. 20 - you have the right to receive your Personal data in a structured form and in a commonly used and machine-readable format as well as to transfer this Data to another controller if the processing is carried out automatically and based on consent or contract;
7. Right to object (GDPR Art. 21) - if your Data is processed for the purpose of performing tasks of public interest or in the exercise of official authority, on the basis of legitimate interest or for the purposes of direct marketing, you can object to such processing;
8. Right regarding automated individual decision-making, including profiling (GDPR Art. 22) - you have the right to express your opinion, challenge the decision and seek the involvement of a person in the process to clarify the decision made by the computer algorithm.
For all questions and requests regarding Personal data, please contact our Data protection officer at firstname.lastname@example.org.
For all complaints, you can also contact the competent supervisory body in the Republic of Croatia Croatian Personal Data Protection Agency, Zagreb, Selska cesta 136, and also via this form.
In carrying out our work, we sometimes have to process the Personal data of persons provided to us by third parties.
In accordance with Art. 14 para. 5 of the GDPR, this Personal data must remain confidential in accordance with the obligation of client-attorney privilege, and we will treat it in accordance with this Privacy Statement insofar as it is not contrary to the GDPR and applicable regulations.
MM may from time to time, without notice, amend this Privacy Statement and such changes will take effect on the day of publication. You will be informed about this in an appropriate way through our official website.
Published in March 2022