Personal data protection policy

Your data is safe with us

  • When collecting your personal information, the Bank will only ask you for the information you need for the service or product you are looking for.
  • We process your information by respecting all your rights in accordance with the Personal Data Protection Policy.
  • All your collected data are protected by law as confidential information.

Personal

In a concise, transparent and comprehensible way, HPB provides you with information regarding the processing of your personal data (obligations under the General Data Protection Regulation, Articles 13 and 14).

In the information materials you are approached, it is explained in the area of ​​retail business.

For additional questions, please contact us at dpo@hpb.hr

Introduction

Hrvatska poštanska banka considers that the protection of natural persons in relation to the processing of personal data is a fundamental right, and we wish that our customers feel safe and that their customer experience is at the highest level. Therefore, it is of the utmost importance that the customer personal data are properly protected and we pay particular attention to that.

When processing personal data, HPB ensures that data are processed exclusively in compliance with the current laws and that all the rights of the customers are respected. We will process data in a transparent manner and only if the processing is required for clear purposes and in the interest of the customers. We will use the technological measures available for the customer data protection. Processing means storage, recording, organisation, consultation and transmission of data by the Bank or third persons, based on the contractual relationship between the Bank and such third persons, during the term of the business relationship with the customer and upon its termination, during the period of time within which the Bank is obliged to retain individual documentation.

Personal data collection

In order that Hrvatska poštanska banka may establish a business relationship with you and provide you a quality service, it is necessary that you share your personal data with us (for example, your first and family name, address, PIN, telephone number, etc.). When collecting personal data, the Bank complies with the principle of data minimisation in relation to the purpose concerned.

The Bank collects and processes personal data for the purposes of contracting services and establishing business relationships, and performing contractual obligations. The quantity of data we will have to collect depends on the service or product requested (for example, the opening of a bank account, term deposits, loan approval, acquiring a credit card, housing savings, investment product, etc.). In addition to data we need for the provision of services, we are obliged to collect also certain data to comply with a legal obligation, and without such data we will not be able to provide you our services. Those data collected for compliance with a legal obligation have been defined in the laws governing the prevention of money laundering and terrorist financing, the operations of credit institutions, in tax laws governing administrative cooperation in the area of taxes, and in laws governing housing savings, consumer and housing consumer lending, capital market and fund management, etc.

Processing of personal data

All your data, learned by the Bank providing you the services, including your personal data, are protected by law, and are considered confidential (banking secrecy). HPB shall not start the processing of your data unless this is necessary for the provision of the service you have requested, the processing has been conditional on law, there is a legitimate interest or you have given specific consent for the processing of your personal data.

HPB in some cases, in order to provide you better and complete service, cooperates with partners. In that context, the Bank may play several roles, and it is important that you understand them in order to get a full picture of how your data have been processed in such co-operations:

  • a controller – when it determines independently the purposes of processing, for example in the situations where it contracts its own products and services
  • a joint controller – in the situations where it determines together with other legal persons the purposes of processing in order to create and offer joint products
  • a processor – where it processes personal data on behalf of another legal person and does not determine the purposes of processing, as for example for contracting direct debiting with recipients of payments.

The processing of personal data may be carried out for the purposes of contracting products and services, for compliance with a legal obligation and for a legitimate interest. A legitimate interest constitutes the processing of data for the purpose of improving business processes, services and products of the Bank, and developing a customer business relationship.

Automated decision-making is an integral part of the Bank’s business and is thus necessary, and the processing of data may be carried out in compliance with the current laws applied to the Bank, with the purpose of ensuring safety and reliability of the services provided by it, for a legitimate interest and with your consent. The example of automated processing is the calculation of a tacitly accepted authorised overdraft which the Bank may allow, and where the computation takes account of the average of your salaries and the regularity of transactions in a certain period of time. Such automated processing operations inherent to the Bank’s business may be periodically repeated.

Unless the processing of data is for the compliance with a legal regulation or pursuing a legal interest, the Bank shall require the customer to give his or her consent to the use of personal data.

In compliance with the General Data Protection Regulation, the Bank ensures to the data subjects the right to submit complaints related to automated and manual data processing for the purposes of direct marketing, including customer profiling, at any time and free of charge.

Rights of customers

The protection of personal data implies also significant rights of customers, namely:

  • request the confirmation whether or not your personal data have been processed, request access to data and purposes of processing, categories of data and potential recipients processing your personal data
  • request rectification of incorrect personal data if the Bank does not have your updated data
  • request erasure of data not necessary for the purposes for which they have been collected or restriction of the purposes of the processing of data you have provided to the Bank if you have justified reason for that
  • submit a complaint concerning the processing or transfer of data to third parties
  • withdraw consent given for the processing of personal data and we will then stop to process your personal data for the purpose for which the consent has been given
  • request the transfer of your data to another controller.

If you want to exercise any of these rights, and all the conditions have been met therefor, please send your request in writing, mailing it to the address listed below, or electronically to dpo@hpb.hr, or bring it to any branch office of the Bank.

The Bank is processing and protecting personal data in its operations in compliance with the legislation governing the processing of personal data. We have adopted thus the Personal Data Protection Policy of Hrvatska poštanska banka, providing for all the information on your rights and our obligations related to personal data.

The Personal Data Protection Policy of Hrvatska poštanska banka may be accessed on www.hpb.hr.

Consents to use personal data

The Bank shall in certain situations require your consent in order that it may use your personal data, including those data it possesses on the basis of current cooperation, and shall contact you in different contexts.

HPB requires several consents, and you may choose to give one, several, all or no consent.

We stress that we take care of your time and privacy, and we will not send you messages every day but we will try to be discreet and that you receive offers and messages that might interest you.

You give consents to the Bank in order that we may communicate you useful information and newsletters where we will inform you on the competitions, present new products or invite you to the events sponsored by the Bank.

You may give your consent if you agree to be communicated sometimes the information on the products and services offered by the Bank, the members of HPB Group or the business partners, which are not related to those you already use but can help you to manage your personal finances.

The Bank shall require your consent to analyse your personal data in order to create you a personalized offer. For example, to offer you the pre-approved products where individual financial elements, such as creditworthiness, are pre-calculated, and your routines are followed. In order to assess your creditworthiness, we will pay attention to your salaries, existing loans and current indebtedness.

The final consent you may choose to give is to allow us to contact you also upon the termination of the contractual relationship with the Bank. The customers are our most valuable assets and we want to know the reason why you chose to leave the Bank so that we could improve our services and processes.

We stress again that the consents are voluntary and you may withdraw them at any time.

Additional information

Depending on a product or service, the Bank may require also additional information from the customer.

For example, in order to be able to provide credit products (all types of loans, credit cards, current account overdrafts), the Bank is legally obliged to assess the customer’s creditworthiness and it collects for such purposes the information on the professional degree, marital status, number of household members, etc. Because of its legal obligation to manage risks, in particular credit ones, the Bank has a legitimate interest to consult credit and other registers. If the customer’s creditworthiness is not adequate or if he or she does not provide personal data necessary for the creditworthiness assessment, the Bank shall refuse to provide the product concerned. Also, for pursuing a legitimate interest of facilitating business in the future and easier communication with the customer, the Bank may require the contact details, such as telephone or mobile phone number and e-mail address.

Assignment and transfer of data

The Bank may make available the customer’s data in compliance with the current legislation to certain institutions (for example, to the Croatian National Bank, the Croatian Financial Services Supervisory Agency, the Croatian Data Protection Agency, tax authorities, etc.), as well as to business partners with whom it may also share data for the purposes of the performance of the contractual obligations (for example, outside the Republic of Croatia for the purposes of issuing and personalising cards and processing card transactions, in the Republic of Croatia, for sending statements or providing specific products or services, etc.).

Data retention time limits

The Bank keeps data for the periods of time set out in accordance with the time limits prescribed by law and sometimes longer when it has a legitimate interest such as to resolve potential complaints or disputes. The special internal act provides for the periods of time within which the documentation used by the Bank shall be kept. For example, those data we have collected in compliance with the legal obligation to take anti-money laundering and terrorist financing measures are kept for 10 years following the day of the termination of business relationship or the date of transaction.

Also, those product requests which have not been realised (loan applications, application forms for products and services…) shall be kept by the Bank, pursuing its legitimate interest (potential complaints and better monitoring of requests of repetitive character), for a year.

Thank you for the confidence that you have placed in us. We are looking forward to continuing successful cooperation!

Contact details

Hrvatska poštanska banka d.d.
Jurišićeva 4, 10000 Zagreb
hpb@hpb.hr
Data protection officer: dpo@hpb.hr

If you feel that your right to personal data protection has been breached, you may submit the complaint to the Croatian Personal Data Protection Agency, e-mailing to: azop@azop.hr.

Business clients

HPB provides you with a concise, transparent and comprehensible way to provide information regarding the processing of your personal information (obligations under the Universal Declaration of Human Rights, Articles 13 and 14).

In the informative materials you access, you have explained the processing in the business section with business users.

If you have any questions, feel free to contact us at dpo@hpb.hr.

Introduction

Bearing in mind the fact that the protection of privacy and personal data is fundamental right of every person, Hrvatska poštanska banka, the public limited company (hereinafter referred to as: the Bank) gives special attention to the protection of personal data. Please read this material carefully, as it contains information on:

  • Personal data collected by the Bank
  • The way of using personal data
  • The recipients of the data with which the Bank cooperates

The Bank’s operations in the processing and protection of personal data are in line with the legal regulations regulating the processing of personal data. For this reason, we have adopted the Privacy Policy of Hrvatska poštanska banka, the public limited company, where we provide in one place information on your rights and our obligations regarding personal information. Personal Data Protection Policy is available at www.hpb.hr.

The term data processing involves the storage, recording, organizing, viewing and transfer of personal data at the Bank or third parties with which the Bank is in a contractual business relationship, for the duration of the business relationship, and after the termination of the business relationship with the client during the period in which The Bank shall keep certain documents.

Collection of personal data in operation with business users

A business user may be any legal entity, body of state authority, local or regional self-government unit and their body, association and society (sports, cultural, charity, etc.) as well as any natural person (non-consumer) active within the scope of their registered economic activity or free occupation.

Affiliates with a business user can be: natural persons; business user owners; business user representatives; procurators; business user assignees; transaction account assignees; electronic banking users; business card users; guarantors; co-debtors; pledgors, and other natural persons whose personal information the business user provided to the Bank for use for the purposes of establishing and maintaining a business relationship (hereinafter: the Client).

The amount of personal data that the Bank collects depends on the requested service or product from the Bank’s offer. When establishing a business relationship, or subsequently following a status or other change, the Bank is obliged to collect data for which there is a statutory and regulatory obligation to collect and carry out measures of depth analysis or reporting to the competent authorities. The data for which a statutory obligation to collect has been laid down by the regulations governing the prevention of money laundering and terrorist financing, regulations regulating the operation of credit institutions, tax regulations and regulations regulating administrative cooperation in the field of taxation, regulations regulating the capital market and fund management. As a basis, the Bank collects the Client’s identification data.

With credit products, the Bank collects a larger set of personal data, to carry out adequately the assessment of the risk of establishing and maintaining such a business relationship. In addition to identification data, the Bank usually collects financial and property records, records of disputes, including criminal, and contact details of the Client. Due to the legal obligation of risk management, in the process of processing the loan application, the Bank conducts business user and related persons checks in credit registers. If the applicant does not have the appropriate credit rating or the loan participant does not provide the personal information needed to assess the risk or to secure the loan, the Bank will reject the claim for the credit product.

The Bank collects personal information of the Client through request and application forms, and other forms for products and services from its offer, through other communication channels available for clients through both the personal identification document and other documents that the client has made available to the Bank. The Bank stores these personal information in the purpose of establishing and maintaining a business relationship and providing quality service to clients. If the request, application form or other form is not filled in by the Client as an employee to the business user, the Client’s personal information is transmitted to the Bank by the business user as the employer of the Client, or the person representing the business user. In this case, the person from whom the Bank has received the Client’s personal data is obliged to notify the Client about the transfer of his personal data to the Bank, including information about the rules and principles set forth in the Personal Data Protection Policy of Hrvatska poštanska banka, the public limited company.

In addition to the personal data collected from the Client, personal data is collected from publicly available sources and registers, such as court register, craft register, business entities database and business search engine.

Use of personal data in operation with business users

The Bank processes data collected of business users that include personal data of natural persons (non-consumers) operating within the scope of their registered economic activity or freelance professions and related persons provided to the Bank by a business user in the following cases:

  • Establishing identity
  • Risk assessment for money laundering and terrorist financing in establishing and maintaining a business relationship or performing occasional transactions
  • Preventing risk that may arise from a business relationship
  • Harmonization with legal and regulatory regulations within and outside the territory of the Republic of Croatia
  • Contracting and using deposit and credit products and other services provided by the Bank
  • Execution of all types of bank transactions within and outside the territory of the Republic of Croatia
  • Determining creditworthiness
  • Claim collection
  • Reporting
  • Statistical processing
  • Developing and improving products and services to enable business users to have a better user experience
  • Defining products and services that would be useful for business users
  • Contacting for the purpose of fulfilling contractual relations with the Bank
  • Contacting for marketing purposes

The Bank keeps personal data for the duration of the business relationship, as well as after the expiration of the business relationship, for the period prescribed by a special internal act on archiving documents, harmonized with the legal regulations regulating the Bank’s operations. The data we collected for the legal obligation to implement money laundering and terrorist financing measures are kept for 10 years from the date of termination of the business relationship, or the date of the transaction. Unrealized requests for products and services such as credit and credit card requests, are kept for 5 years for legitimate interest. Legitimate interest is the processing of data in order to improve business processes, services and products of the Bank and to develop a business relationship with the Client.

The Bank conducts contacting craftspeople and entrepreneurs operating within the area of ​​their registered economic activity or freelance profession for marketing purposes in accordance with the collected approvals and preferred channels of contact. The Bank collects clients’ approvals through the Acceptance for personal data processing and contact. The approval is voluntary and the client can withdraw at any time in the same way as it was given. After the revocation of the approval, the Bank will no longer process the data for this purpose.

Assigning personal data to third parties

For the purpose of fulfilling a legal or contractual obligation, the Bank may assign to third parties business user data that include personal data of natural persons (non-consumers) operating within the area of ​​their registered economic activity or freelance profession and affiliated persons, provided by the business user, with the legality of the processing and in accordance with the principles of processing defined in the Personal Data Protection Policy of the Hrvatska poštanska banka, the public limited company, towards:

  • One of HPB Group members
  • Legislative, supervisory and regulatory bodies within and outside the territory of the Republic of Croatia
  • The financial institutions and agencies with which the Bank cooperates
  • Institutions providing Embargo checklist services
  • Ministries, local and regional self-government units with which the Bank cooperates
  • Credit and other registers
  • Registers of the competent institutions for the implementation of credit products insurance
  • Auditors and consultants within and outside the Bank, and other bodies authorized to audit and provide consulting services
  • Card houses, card processors and service providers within and outside the territory of the Republic of Croatia with whom the Bank has contracted cooperation
  • Contractual card accepting partners (EFTPOS, internet merchants)
  • Other agencies, institutions, associations, insurance companies and partners with whom the Bank has concluded a business cooperation agreement that enables business users to contract and use the products and services provided by the Bank
Principle of processing and protection of personal data in operation with business users

When using personal data, the Bank ensures that they are processed solely in accordance with applicable laws and respecting all rights of the Client. In processing personal data, the Bank behaves in a transparent manner and processes them only if there is a clear purpose for it.

The Bank continuously undertakes significant organizational and technical measures to protect personal and other customer data. With business partners, data recipients we have reached an agreement on our roles and responsibilities in the mutual relationship, in processing personal data of service users to ensure the prescribed level of personal data protection.

The Bank may have one of the following roles in processing personal data:

  • Be the manager of personal data processing
  • Be a shared personal data manager with another legal entity
  • Be an executioner of personal data processing

In situations where contracting own products and services, the Bank is the manager of personal data processing and independently determines the purpose of processing the personal data. In some data processing processes, such as card production and personalization, and card transaction processing, the Bank may use the services of contract partners and exchange personal information for meeting the contractual obligation.

The Bank is a shared personal data manager when it acts in the market with another legal entity and jointly determines the purpose and method of processing personal data. The Bank has this role in providing special credit programs in which business users are offered more favorable lending conditions or benefits, such as subsidizing interest rates or providing additional insurance instruments. In its offer, the Bank has credit programs with partners:

  • Financial institutions and agencies such as the Croatian Bank for Reconstruction and Development (HBOR), the European Bank for Reconstruction and Development, the European Investment Bank and the HAMAG BICRO Agency
  • Ministries and other state authorities, local and regional self-government units
  • Other business partners with a view to support projects and initiatives in the field of economy and entrepreneurship

Processing of personal data as a shared manager is carried out for the purpose of fulfilling the contractual obligation. Prior to using such programs, the manager that first contacts the potential user is informing the user.

The Bank is the executioner of personal data processing when processing the personal data by the order of the other party and it does not specify the purpose of the processing.

Client rights

All the information the Bank has received about you by providing you the service, including your personal data, are protected by law as confidential information (bank secret).

Pursuant to General Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data, you may at any time:

  1. Request confirmation of whether your personal data are being processed and access to your personal information and purpose of their processing, the data categories and potential recipients who process your personal information
  2. Request correction of incorrect personal data if the Bank does not have your updated data
  3. Request deletion of data that is not necessary in relation to the purpose for which it was collected or limit the purpose of processing the personal data you have given to the Bank if you have a valid reason
  4. File complaints to the processing procedure or the transferability of the data to third parties
  5. Revoke the approval based on which we process personal data, after which we stop processing your personal data for the purpose for which the approval was given
  6. Request transfer of your data to another processing manager

The Bank allows Clients at any time and free of charge the right to complain to automatic or manual data processing for the purposes of direct marketing, including making a profile to the extent that it is associated with such direct marketing.

For the purpose of protecting personal data, the Bank has adopted the Personal Data Protection Policy of the Hrvatska poštanska banka, the public limited company and has appointed the Personal Data Protection Officer who additionally cares about your personal data and ensures that these data are legally processed in the Bank.

Contact information

Hrvatska poštanska banka, the public limited company
Jurišićeva 4, 10000 Zagreb
hpb@hpb.hr
Personal Data Protection Officer: dpo@hpb.hr

If you feel that your right to protection of personal data has been violated, you can file a complaint with the Personal Data Protection Agency (AZOP) to the following e-mail address: azop@azop.hr.

Prospective employees

HPB Group has prepared a brochure for you in a concise, transparent and comprehensible manner providing information regarding the processing of your personal information.
The information materials you approach explain the processes that are being carried out in the recruitment and selection process for job candidates in the members of the HPB Group.

For additional questions, please contact us at dpo@hpb.hr.

Introduction

In order that HPB Group may open recruitment procedure for filling a post, it is necessary that you share your personal data with us (for example, your first and family name, address, telephone number, information on your training, work experience, etc.). When collecting personal data, the Group complies with the principle of data minimisation in relation to the purpose concerned.

The Group collects and processes personal data with the purposes of carrying out the recruitment and selection procedures and starting the employment relationship. The quantity of data we will have to collect depends on the process and work post for which you have applied and the type of the selection procedure which is applied (for example, the psychological tests, professional tests, interviews, etc.). In addition to data we need for the recruitment and selection procedures, we are obliged to collect also certain data to comply with a legal obligation; such data have been determined by the legislation governing the specificities related to the employment relationships in credit institutions, including that governing the prevention of conflict of interest, adequacy policy, etc.

Personal data collection

In order that HPB Group may open recruitment procedure for filling a post, it is necessary that you share your personal data with us (for example, your first and family name, address, telephone number, information on your training, work experience, etc.). When collecting personal data, the Group complies with the principle of data minimisation in relation to the purpose concerned.

The Group collects and processes personal data with the purposes of carrying out the recruitment and selection procedures and starting the employment relationship. The quantity of data we will have to collect depends on the process and work post for which you have applied and the type of the selection procedure which is applied (for example, the psychological tests, professional tests, interviews, etc.). In addition to data we need for the recruitment and selection procedures, we are obliged to collect also certain data to comply with a legal obligation; such data have been determined by the legislation governing the specificities related to the employment relationships in credit institutions, including that governing the prevention of conflict of interest, adequacy policy, etc.

Processing of personal data

All your data, learned by the Group in the recruitment and selection procedure, including your personal data, are protected by law, and are considered confidential (banking secrecy). HPB shall not start the processing of your data unless this is necessary for the specific recruitment and selection process, the processing has been conditional on law, there is a legitimate interest or you have given specific consent for the processing of your personal data.

HPB Group collects and processes in its daily business operations the personal data of job seekers (employment, work contract, students, practical training) within the labour law and comparable relationships.

In the recruitment and selection context, the bases for data collection and processing are primarily the Group’s legitimate interests. The purposes are to collect and process relevant recruitment documents, to test candidates and to analyse the results. The objects of these processing operations are to select the candidates on as objective as possible criteria, to ensure the avoidance of any form of discrimination and to select and hire the candidate who by his or her experience, education, skills and competences meets the requirements of the job position in the best possible way.

Personal data may be also processed for other specific purposes but always within the framework provided for by law or if the processing is required for the purposes of establishing the employment or other comparable relationship.

In selection procedure HPB Group creates profiles of candidates (profiling) using standardized procedures and techniques to evaluate characteristics and skills of candidates. Those evaluations are made after a data protection impact assessment has been carried out. Profiling is made for the purposes of verifying basic abilities of the candidates (attention and concentration skills, intelligence tests), professional knowledge and skills, and identifying candidate personal characteristics indicative of a work position concerned. Some of these procedures may be based on automated processing of personal data. We stress that the final evaluation serving as the basis for the selection of a candidate is never the result of automated processing of data.

In compliance with the General Data Protection Regulation, the Group ensures to the candidates the right to submit at any time complaints related to automated and manual data processing.

Because of the specific nature of its activities, the Group processes also personal data related to criminal convictions and offences or related security measures. Such data are processed only in exceptional cases when required by law or when the processing of such data is necessary in order to manage reasonable risks. Systematic processing of data related to criminal convictions and offences or related security measures, such as for recruitment purposes for certain positions, is carried out only upon a data protection impact assessment.

In order to ensure better quality of recruitment and selection procedures, HPB Group in certain cases cooperates with partners. In that context, the Group may play several roles, and it is important that you understand them in order to get a full picture of how your data have been processed in such co-operations:

  • a controller – when the Group determines independently the purposes of processing, for example in the situations where it implements the recruitment and selection procedures alone
  • a joint controller – in the situations where the Group determines together with other legal persons the purposes of processing, such as in cases of the cooperation with external placement services
  • a processor – where the Group processes personal data on behalf of another legal person and does not determine the purposes of processing, for example where the Group implements the recruitment and selection processes on behalf of individual members of HPB Group.
Rights of candidates

The protection of personal data implies also significant rights of candidates, namely:

  • request the confirmation whether or not your personal data have been processed, to request access to data and purposes of processing, categories of data and potential recipients processing your personal data
  • request rectification of incorrect personal data if the Group does not have your updated data
  • request erasure of data not necessary for the purposes for which they have been collected or restriction of the purposes of the processing of data you have provided to the Group if you have justified reason for that
  • submit a complaint concerning the processing or transfer of data to third parties
  • withdraw consent given for the processing of personal data and we will then stop to process your personal data for the purpose for which the consent has been given
  • request the transfer of your data to another controller

If you want to exercise any of these rights, and all the preconditions have been met therefor, please send your request in writing, mailing it to the address listed below, or electronically to dpo@hpb.hr, or directly to the Human Resources Management Office.

HPB Group is processing and protecting personal data in its operations in compliance with the legislation governing the processing of personal data. We have adopted thus the Personal Data Protection Policy of Hrvatska poštanska banka providing for all the information on your rights and our obligations related to personal data.

The Personal Data Protection Policy of Hrvatska poštanska banka may be accessed on www.hpb.hr.

Assignment and transfer of data

With the purposes of selection procedure quality assurance, the Group may engage third parties as the processors of data of the job candidates (externalised recruitment and selection procedures). In these situations the Group may be the controller or the joint controller.

Your personal data have been protected at HPB Group but also at the business partners who process your data in compliance with the obligations and rules set out in the contracts on externalisation of services.

Consents to use personal data

The Group shall in certain situations require your consent in order that it may use the personal data provided by you in your applications for certain job positions and you may choose to give one, several, all or no consent.

The consents refer to the situations where you give us the possibility to include you in recruitment processes where you have not directly applied for a certain job position (registration to database or application for another job position).

We will also ask for the consent for the participation in the selection procedure, including several types of standardised or adapted assessment procedures.

The consent is voluntary and may be withdrawn at any moment.

Data retention time limits

The Group keeps data in compliance with the legislation and sometimes longer when it has a legitimate interest such as to resolve potential complaints or disputes, while for the purposes of statistical analyses the Group uses data rendered anonymous.

The documents collected during the selection of the candidates to be included in the recruitment procedure and for the candidates who have not been selected for the recruitment procedure shall be kept for 12 months upon the expiration of the time limits set for the appeals.

If we have your consent, open applications and attached documents will be kept for 18 months and the time limit may be extended for another 18 months following the time we have updated information, but at any case for 3 years at the most.

The documents collected for the selection procedure, for the candidates who were tested and/or had several rounds of interviews but were not selected for employment, will be kept for 5 years following the expiration of the time limits set for the appeals.

Contact details

Hrvatska poštanska banka
Jurišićeva 4, 10000 Zagreb
hpb@hpb.hr
Data protection officer: dpo@hpb.hr

If you feel that your right to personal data protection has been breached, you may submit the complaint to the Croatian Personal Data Protection Agency, e-mailing to: azop@azop.hr.

Investment banking and HPB Invest

HPB Invest and the investment bank of the Croatian Post Bank have prepared a brochure for you, which in a concise, transparent and comprehensible manner provides information regarding the processing of your personal information.
In the information materials you are approached, the processing in the part of the business with HPB Invest and the investment banking of Hrvatska poštanska banka is explained.

For additional questions, please contact us at dpo@hpb.hr.

Introduction

HPB Group provides information to all customers on the protection and processing of personal data for:

  • the investment services of the Bank (brokerage services, portfolio management, investment consulting and custody)
  • the open-end investment funds of HPB Invest

HPB Group considers that the protection of natural persons in relation to the processing of personal data is a fundamental right, and we wish that our customers feel safe and that their customer experience is at the highest level. Therefore, it is of the utmost importance that the customer personal data are properly protected and we pay particular attention to that.

When processing personal data, HPB Group ensures that data are processed exclusively in compliance with the current laws and that all the rights of the customers are respected. We will process data in a transparent manner and only if the processing is required for clear purposes and in the interest of the customers. We will use the technological measures available for the customer data protection. Processing means storage, recording, organisation, consultation and transmission of data by HPB Group or third persons, based on the contractual relationship between HPB Group and such third persons, during the term of the business relationship with the customer and upon its termination, during the period of time within which HPB Group is obliged to retain individual documentation.

Personal data collection

In order that HPB Group may establish a business relationship with you and provide you a quality service, it is necessary that you share your personal data with us (for example, your first and family name, address, PIN, telephone number, e-mail address, etc.). When collecting personal data, HPB Group complies with the principle of data minimisation in relation to the purpose concerned.

HPB Group collects and processes personal data for the purposes of contracting services and establishing business relationships, performing contractual obligations, and carrying out customer due diligence. The quantity of data we will have to collect depends on the service or product requested (for example, the opening of a bank account, term deposits, loan approval, acquiring a credit card, investment services, investments in UCITS funds, etc.). In addition to data we need for the provision of services, we are obliged to collect also certain data to comply with a legal obligation, and without such data we will not be able to provide you our services. Those data collected for compliance with a legal obligation have been defined in the laws governing the prevention of money laundering and terrorist financing, the operations of credit institutions, in tax laws governing administrative cooperation in the area of taxes, and in laws governing housing savings, consumer and housing consumer lending, capital market and fund management, etc.

When providing services, HPB Group collects personal data through questionnaires and forms. HPB Group is obliged to collect such data for compliance with a legal obligation and in order that it may enter into a contract or establish a business relationship. If you choose to withhold any of your personal data, HPB Group will not be able to establish a business relationship, receive order or carry out a transaction.

Although personal data are collected directly from customers via questionnaires/forms, certain data may be obtained also from public sources such as the court register.

Signing questionnaires/forms, customers confirm that all data provided therein are true, and authorise HPB Group to verify them; the customers shall notify HPB Group of any changes to such data.

All questionnaires and forms through which personal data are collected are available in the business premises of HPB Group and on the websites www.hpb.hr and www.hpb-invest.hr.

Processing of personal data

All your data, learned by HPB Group providing you the services, including your personal data, are protected by law, and are considered confidential (banking secrecy). HPB Group shall not start the processing of your data unless this is necessary for the provision of the service you have requested, the processing has been conditional on law, there is a legitimate interest or you have given specific consent for the processing of your personal data.

HPB Group in some cases, in order to provide you better and complete service, cooperates with partners. In that context, HPB Group may play several roles, and it is important that you understand them in order to get a full picture of how your data have been processed in such co-operations:

  • a controller – when it determines independently the purposes of processing, for example in the situations where it contracts its own products and services
  • a joint controller – in the situations where it determines together with other legal persons the purposes of processing in order to create and offer joint products
  • a processor – where it processes personal data on behalf of another legal person and does not determine the purposes of processing, as for example for contracting direct debiting with recipients of payments.
Rights of customers

The protection of personal data implies also significant rights of customers, namely:

  • request the confirmation whether or not your personal data have been processed, request access to data and purposes of processing, categories of data and potential recipients processing your personal data
  • request rectification of incorrect personal data if HPB Group does not have your updated data
  • request erasure of data not necessary for the purposes for which they have been collected or restriction of the purposes of the processing of data you have provided to HPB Group if you have justified reason for that
  • submit a complaint concerning the processing or transfer of data to third parties
  • withdraw consent given for the processing of personal data and we will then stop to process your personal data for the purpose for which the consent has been given
  • request the transfer of your data to another controller

If you want to exercise any of these rights, and all the conditions have been met therefor, please send your request in writing, mailing it to the address listed below, or electronically to dpo@hpb.hr, or bring it to any branch office of the Bank.

HPB Group is processing and protecting personal data in its operations in compliance with the legislation governing the processing of personal data. We have adopted thus the Personal Data Protection Policy providing for all the information on your rights and our obligations related to personal data.

The Personal Data Protection Policy of Hrvatska poštanska banka may be accessed on www.hpb.hr and www.hpb-invest.hr

Additional information

Depending on a product or service, HPB Group may require also additional information from the customer. For investment services we will require additional information on knowledge, experience, financial situation and investment goals (such as, trading dynamics, total annual income, experience in investing, etc.) in order that we may assign you adequate customer status (small and professional investors), and you have the right to request the change of your status. HPB Group will, where providing investment service, make your investment profile in order to assess whether a requested service and financial instruments are appropriate/adequate for you and in compliance with your willingness to take risks and loss bearing capacity. The assessment of the appropriateness/adequacy shall be made on the basis of data collected by HPB Group and related to your investment goals, financial situation and your investing knowledge and experience.

Where contracting a margin lending transaction, the Bank shall collect data such as professional degree, marital status, number of household members, etc. For the compliance of the legal obligation related to risk management, in particular credit risk management, the Bank pursues a legal interest to consult the Croatian Registry of Credit Obligations. If the customer does not provide personal data necessary for the assessment, the Bank shall not approve the loan.

HPB Group shall when establishing the business relationship with you identify your tax residency/residencies in order to be able to report if you are the tax resident in another country to the Ministry of Finance – Tax Administration. HPB Group is obliged to collect personal data in compliance with the reporting and due diligence rules.

Assignment and transfer of data

HPB Group may make available the customer’s data in compliance with the current legislation to certain institutions, for example, to the Croatian National Bank, the Croatian Financial Services Supervisory Agency, Central Depository and Clearing Company Inc., the Financial Agency, the Zagreb Stock Exchange, the Croatian Data Protection Agency, tax authorities, etc., as well as to business partners with whom it may also share data for the purposes of the performance of the contractual obligations (for example, for trading in countries other than Croatia).

HPB Group shall transfer your personal data exclusively at the request of regulatory bodies and external auditors who shall then be regarded as recipients of personal data.

Data retention time limits

Personal data collected by the Bank where providing investment services shall be kept by it in compliance with the Anti-Money Laundering and Terrorist Financing Act for 10 years at the most, counting from the date of termination of business relationship or the date of transaction. The Bank shall keep other data for the periods of time set out in the internal act on the archives protection, for at least 11 years.

HPB Invest shall keep personal data in compliance with the time limit prescribed by law, for 10 years at the most.

Thank you for the confidence that you have placed in us. We are looking forward to continuing successful cooperation!

Contact details
Hrvatska poštanska banka
Jurišićeva 4, 10000 Zagreb
hpb@hpb.hr
Data protection officer: dpo@hpb.hr
HPB Invest d.o.o.
Strojarska 20, 10000 Zagreb
hpb.invest@hpb.hr

If you feel that your right to personal data protection has been breached, you may submit the complaint to the Croatian Personal Data Protection Agency, e-mailing to: azop@azop.hr.

HPB-Stambena štedionica

The HPB-Stambena štedionica provides you with a brief, transparent and comprehensible way of providing information regarding the processing of your personal data (obligations under the General Data Protection Act, Articles 13 and 14).

In the informative materials you access, explained the processing in the part of the business with HPB-Stambena štedionica.

If you have any questions, feel free to contact us at dpo@hpb.hr.

Introduction

HPB-Stambena štedionica d.d. (hereinafter: Savings bank) considers that the protection of natural persons in relation to the processing of personal data is a fundamental right, and we wish that our customers feel safe and that their customer experience is at the highest level. Therefore, it is of the utmost importance that the customer personal data are properly protected and we pay particular attention to that.

When processing personal data, the Savings bank ensures that data are processed exclusively in compliance with the current laws and that all the rights of the customers are respected. We will process data in a transparent manner and only if the processing is required for clear purposes and in the interest of the customers. We will use the technological measures available for the customer data protection. Processing means storage, recording, organisation, consultation and transmission of data by the Savings bank or third persons, based on the contractual relationship between the Savings bank and such third persons, during the term of the business relationship with the customer and upon its termination, during the period of time within which the Savings bank is obliged to retain individual documentation.

Personal data collection

In order that the Savings bank may establish a business relationship with you and provide you a quality service, it is necessary that you share your personal data with us (for example, your first and family name, address, PIN, telephone number, etc.). When collecting personal data, the Savings bank complies with the principle of data minimisation in relation to the purpose concerned.

The Savings bank collects and processes personal data for the purposes of contracting services and establishing business relationships, and performing contractual obligations. The quantity of data we will have to collect depends on the service or product requested (for example, housing savings or approval of housing loan). In addition to data we need for the provision of services, we are obliged to collect also certain data to comply with a legal obligation, and without such data we will not be able to provide you our services. Those data collected for compliance with a legal obligation have been defined in the laws governing the prevention of money laundering and terrorist financing, the operations of credit institutions, in tax laws governing administrative cooperation in the area of taxes, and in laws governing housing savings, consumer and housing consumer lending, etc.

Processing of personal data

All your data, learned by the Savings bank providing you the services, including your personal data, are protected by law, and are considered confidential (banking secrecy). The Savings bank shall not start the processing of your data unless this is necessary for the provision of the service you have requested, the processing has been conditional on law, there is a legitimate interest or you have given specific consent for the processing of your personal data.

The Savings bank in some cases, in order to provide you better and complete service, cooperates with partners. In that context, the Savings bank may play several roles, and it is important that you understand them in order to get a full picture of how your data have been processed in such co-operations:

  • a controller – when it determines independently the purposes of processing, for example in the situations where it contracts its own products and services
  • a joint controller – in the situations where it determines together with other legal persons the purposes of processing, such as entering into contracts on housing savings in the premises of HPB d.d., where the Bank’s employee carries out the customer due diligence in order to contract a housing savings plan
  • a processor – where it processes personal data on behalf of another legal person and does not determine the purposes of processing. The example of the processor is the Croatian Post which for the purpose of entering into a contract on housing savings collects forms to be completed for such contract and then delivers them to the Savings bank where they are processed and a housing savings account is opened.

The processing of personal data may be carried out for the purposes of contracting products and services, for compliance with a legal obligation and for a legitimate interest. A legitimate interest constitutes the processing of data for the purpose of improving business processes, services and products of the Savings bank, and developing a customer business relationship.

Automated decision-making is an integral part of the Savings bank’s business and is thus necessary and the processing of data may be carried out in compliance with the current laws applied to the Savings bank, with the purpose of ensuring safety and reliability of the services provided by it, for a legitimate interest.

The example of automated processing is making decisions on housing loans (ordinary) following the expiration of housing savings plan on the basis of payments made from housing savings, according to contractual terms and conditions. That said, the Savings bank may not approve a housing loan (ordinary) upon the expiration of the savings plan if a saver has not complied with the contractual provisions and has not collected enough funds in the account or has not credited it with the required amount of interest during the contracted period of saving. Such automated processing operations inherent to the Savings bank’s business may be periodically repeated.

In compliance with the General Data Protection Regulation, the Savings bank ensures to the data subjects the right to submit complaints related to automated and manual data processing for the purposes of direct marketing, including customer profiling, at any time and free of charge.

Rights of customers

The protection of personal data implies also significant rights of customers, namely:

  • request the confirmation whether or not your personal data have been processed, request access to data and purposes of processing, categories of data and potential recipients processing your personal data
  • request rectification of incorrect personal data if the Savings bank does not have your updated data
  • request erasure of data not necessary for the purposes for which they have been collected or restriction of the purposes of the processing of data you have provided to the Savings bank if you have justified reason for that
  • submit a complaint concerning the processing or transfer of data to third parties
  • withdraw consent given for the processing of personal data and we will then stop to process your personal data for the purpose for which the consent has been given
  • request the transfer of your data to another controller

If you want to exercise any of these rights, and all the conditions have been met therefor, please send your request in writing, mailing it to the address listed below, or electronically to dpo@hpb.hr, or bring it to any branch office of Hrvatska poštanska banka or the premises of the Savings bank.

The Savings bank is processing and protecting personal data in its operations in compliance with the legislation governing the processing of personal data. We have adopted thus the Personal Data Protection Policy providing for all the information on your rights and our obligations related to personal data.

The Personal Data Protection Policy may be accessed on www.hpb.hr and www.hpb-stedionica.hr.

Additional information

Depending on a product or service, the Savings bank may require also additional information from the customer.

For example, to contract housing savings, the Savings bank is obliged under the Housing Savings Act, to identify whether you are the national of the Republic of Croatia, or whether you are a permanent resident of the Republic of Croatia if you are not the national of the Republic of Croatia, and obtain your PIN for the purposes of recording the rights to state subsidies, while under the Anti-Money Laundering and Terrorist Financing Act, the Savings bank is obliged to collect the minimum set of data, necessary to establish a business relationship.

In order to contract a housing loan, you have to be, under the Act on Housing Savings and State Subsidies of Housing Savings, a saver and you are subject to the above requirements. For example, to contract credit products (ordinary housing loans or loans for inter-financing), the Savings bank is, under the Consumer Housing Loans Act and subordinate acts of the Croatian National Bank, including in particular the Decision on additional criteria for consumer creditworthiness assessment and pursuing recovery, obliged to assess the customer’s creditworthiness. For that purpose, the Savings bank collects data such as the name of the company where the customer is employed, monthly salaries, number of family members, including dependent members, type of movable and immovable property, professional degree, marital status, family members’ salaries, household costs, etc. Because of its legal obligation to manage risks, in particular credit ones, the Savings bank has a legitimate interest to consult credit and other registers before it approves housing loans or in cases of changes in initially agreed credit terms and conditions. Because of that, it is necessary to complete the form – Application for housing loan, provide information on debtor, co-debtor and guarantors, and also provide attested Statement on inter-financing. The customers shall also provide the Savings bank with the set of data depending on the individual terms and conditions set out for housing loans, such as the last three payrolls, the consultation of Central Registry of Affiliates, Real Property Purchase Agreement, etc. On the basis of these, the Savings bank will assess the validity of the loan application in accordance with the Housing Savings Act, or lenders’ creditworthiness. If the customer is not adequately creditworthy or does not provide personal data necessary for assessment, the Savings bank shall refuse to provide a product. Also, for pursuing a legitimate interest of facilitating business in the future and easier communication with the customer, the Savings bank may require the contact details, such as telephone or mobile phone number and e-mail address.

Assignment and transfer of data

The Savings bank may make available the customer’s data in compliance with the current legislation to certain institutions, for example, to the Croatian National Bank, the Croatian Data Protection Agency, tax authorities, etc., as well as to business partners with whom it may also share data for the purposes of the performance of the contractual obligations (for example, in the Republic of Croatia, to send statements or for the purposes of the externalised services).

Data retention time limits

The Savings bank keeps data for the periods of time set out in accordance with the time limits prescribed by law and sometimes longer when it has a legitimate interest such as to resolve potential complaints or disputes, and for the purposes of statistical analyses. The special internal act provides for the periods of time within which the documentation used by the Savings bank shall be kept. For example, those data we have collected in compliance with the legal obligation to take anti-money laundering and terrorist financing measures are kept for 10 years following the day of the termination of business relationship or the date of transaction.

Also, those product requests which have not been realised (loan applications, cancelled housing savings contracts for a period of 14 days, as prescribed by law) shall be kept by the Savings bank, pursuing its legitimate interest (potential claims, complaints and better monitoring of requests of repetitive character), for 2 years.

Thank you for the confidence that you have placed in us. We are looking forward to continuing successful cooperation!

Yours faithfully,

HPB-Stambena štedionica

Contact details

HPB-Stambena štedionica d.d.
Savska cesta 58, 10000 Zagreb
Info telephone: 0800 232 332
hpb.stambena@hpb.hr
Data protection officer: dpo@hpb.hr

If you feel that your right to personal data protection has been breached, you may submit the complaint to the Croatian Personal Data Protection Agency, e-mailing to: azop@azop.hr.

HPB-nekretnine

HPB-nekretnine provides you in a concise, transparent and comprehensible manner information regarding the processing of your personal information.

The information materials you access explain the processing of personal information in the services we provide:

  • real estate brokerage,
  • engineering services (real estate appraisal, reassessment, opinion on valuation of property of another appraiser, opinion on the bill of quantities, financial supervision)

In the case of additional questions, feel free to contact us at dpo@hpb.hr or hpb.nekretnine@hpb.hr.

Engineering services
Introduction

HPB-nekretnine d.o.o. and HPB Group provide information to all customers on the protection and processing of personal data for the services:

  • immovable property appraisal/reappraisal
  • opinion on immovable property appraisal made by another appraiser
  • opinion on cost statement
  • financial supervision

HPB Group considers that the protection of natural persons in relation to the processing of personal data is a fundamental right, and we wish that our customers feel safe and that their customer experience is at the highest level. Therefore, it is of the utmost importance that the customer personal data are properly protected and we pay particular attention to that.

When processing personal data, HPB Group ensures that data are processed exclusively in compliance with the current laws and that all the rights of the customers are respected. We will process data in a transparent manner and only if the processing is required for clear purposes and in the interest of the customers. We will use the technological measures available for the customer data protection. Processing means storage, recording, organisation, consultation and transmission of data by HPB Group or third persons, based on the contractual relationship between HPB Group and such third persons, during the term of the business relationship with the customer and upon its termination, during the period of time within which HPB Group is obliged to retain individual documentation.

Personal data collection

In order that HPB Group may establish a business relationship with you and provide you a quality service, it is necessary that you share your personal data with us (for example, your first and family name, address, PIN, telephone number, etc.). When collecting personal data, HPB Group complies with the principle of data minimisation in relation to the purpose concerned.

HPB Group collects and processes personal data for the purposes of contracting services and establishing contractual relationships, and performing contractual obligations. The quantity of data we will have to collect depends on the service or product requested (immovable/movable property appraisal, immovable property reappraisal, opinion on immovable property appraisal made by another appraiser, opinion on cost statement and financial supervision, etc.).  In addition to data we need for the provision of services, we are obliged to collect also certain data to comply with a legal obligation, and without such data we will not be able to provide you our services.

To provide you the services above, we need also the immovable property related documentation which may include your personal data if you are the owner of the immovable property or personal data of another owner of the immovable property. If you provide personal data which are not yours, please advise accordingly the person whose personal data have been provided to us by you.

In addition to personal data provided by you, we also collect publicly available data related to immovable properties in public registers (e-cadastre and e-land registry) which may include your personal data if you are the owner of the immovable property or personal data of another owner of the immovable property.

Processing of personal data

The controller is HPB-nekretnine d.o.o., Amruševa 8, 10000 Zagreb, the member of HPB Group.

All your data, learned by HPB Group providing you the services, including your personal data, are protected by law, and are considered confidential (banking secrecy). HPB Group shall not start the processing of your data unless this is necessary for the provision of the service you have requested, the processing has been conditional on law, there is a legitimate interest or you have given specific consent for the processing of your personal data.

HPB Group in some cases, in order to provide you better and complete service, cooperates with partners. In that context, HPB Group may play several roles, and it is important that you understand them in order to get a full picture of how your data have been processed in such co-operations:

  • a controller – when it determines independently the purposes of processing, for example in the situations where it contracts its own products and services
  • a joint controller – in the situations where it determines together with other legal persons the purposes of processing in order to create and offer joint products
  • a processor – where it processes personal data on behalf of another legal person and does not determine the purposes of processing, as for example for contracting direct debiting with recipients of payments.
Rights of customers

The protection of personal data implies also significant rights of customers, namely:

  • request the confirmation whether or not your personal data have been processed, request access to data and purposes of processing, categories of data and potential recipients processing your personal data
  • request rectification of incorrect personal data if HPB Group does not have your updated data
  • request erasure of data not necessary for the purposes for which they have been collected or restriction of the purposes of the processing of data you have provided to HPB Group if you have justified reason for that
  • submit a complaint concerning the processing or transfer of data to third parties
  • withdraw consent given for the processing of personal data and we will then stop to process your personal data for the purpose for which the consent has been given
  • request the transfer of your data to another controller

If you want to exercise any of these rights, and all the conditions have been met therefor, please send your request in writing, mailing it to the address listed below, or electronically to dpo@hpb.hr, or bring it to any branch office of the Bank or the premises of HPB-nekretnine d.o.o.

HPB Group is processing and protecting personal data in its operations in compliance with the legislation governing the processing of personal data. We have adopted thus the Personal Data Protection Policy providing for all the information on your rights and our obligations related to personal data.

The Personal Data Protection Policy of Hrvatska poštanska banka may be accessed on www.hpb.hr

Assignment and transfer of data

If you request the service consisting of immovable property appraisal/reappraisal and financial supervision, we may forward your personal data to an external contractor who possesses professional competences and provides sufficient guarantees that appropriate measures will be implemented to protect personal data and who has entered into the cooperation agreement with HPB-nekretnine d.o.o., all with the purposes of providing you better quality of service and as fast as possible. If you need an opinion on immovable property appraisal made by another appraiser or on cost statement, we do not transmit your personal data other than within HPB Group.

In order that we may provide you affordable and acceptable service, we may share your personal data with the members of HPB Group which continuously implements technical and organisational measures appropriate to protect your personal data.

We wish to inform you that we may use the product/service we provided to you, for example the immovable property appraisal/reappraisal, in the future within HPB Group in order to improve our business operations and quality of our own services.

Data retention time limits

We will keep your personal data for 10+1 years, as laid down in the Decision on archiving materials adopted on 26th April 2018 by the Management Board of HPB-nekretnine, based on our legitimate interest in case of resolving potential complaints or disputes.

Thank you for the confidence that you have placed in us. We are looking forward to continuing successful cooperation!

Yours faithfully,
HPB-nekretnine d.o.o.

Contact details
Hrvatska poštanska banka
Jurišićeva 4, 10000 Zagreb
hpb@hpb.hr
Data protection officer: dpo@hpb.hr
HPB-nekretnine d.o.o.
Amruševa 8, 10000 Zagreb
hpb.nekretnine@hpb.hr

If you feel that your right to personal data protection has been breached, you may submit the complaint to the Croatian Personal Data Protection Agency, e-mailing to: azop@azop.hr.

We, the controller, have the right to preclude the erasure of your personal data, refuse the restriction of purposes or preclude the prevention of transmission of data to third parties if we cannot provide you the service you requested or if the retention of certain personal data has been provided for by special law and we are obliged to retain them.

Real estate brokerage services
Introduction

HPB-nekretnine d.o.o. to all its clients provides information on the protection and processing of personal data for real estate brokerage services.

HPB-nekretnine is of the opinion that the protection of personal data of individuals is the fundamental right of every person, and we want you to feel as safe as our client and that your experience as a HPB-nekretnine Client is at the highest level. Therefore, it is extremely important for us that the personal data of the client is adequately protected and we attach great importance to it.

When processing your personal information, HPB-nekretnine ensures that they are processed solely in accordance with applicable laws and respecting all customer rights. Processing of personal data will be transparent and data will be processed only if this is clearly foreseen and in the interest of the client, and will use the available technological measures to protect the personal information of the clients. The term data processing involves the storage, recording, organizing, viewing and transfer of personal data in HPB-nekretnine, or to third parties with which HPB-nekretnine is in a contractual relationship, during a business relationship as well as after termination of a business relationship with a client, during the period in which HPB-nekretnine are required to keep certain documentation.

Collection of personal data

In order for HPB-nekretnine to establish a business relationship with you and to provide you with a quality service, it is necessary to share your personal information (e.g. name and surname, address, personal identification number (OIB), phone number or any other personal information required by the regulation for prevention of money laundering and terrorist financing and real estate brokerage regulations). When collecting personal data, HPB-nekretnine is governed by the principle of collecting the minimum number of personal data for each purpose.

Data for which a statutory obligation to collect has been established are regulated by the regulations governing the prevention of money laundering and terrorist financing and real estate brokerage.

HPB-nekretnine collects and processes personal data for the purpose of contracting services and establishing a contractual relationship and fulfilling the contractual obligation. The amount of data we will need to collect depends on the requested service or product (e.g. brokerage, sales, (sub)lease, rent, business and technical co-operation, etc.). In addition to the information we need for contracting services, we are required to collect certain information for which there is a statutory obligation to collect and without them we will not be able to provide you our service.

Personal Data Processing

The personal data processing manager is: HPB-nekretnine d.o.o., Amruševa 8, 10000 Zagreb, which is a member of the Hrvatska poštanska banka Group. All the information HPB-nekretnine has learned about you by providing you the service, including your personal data, are protected by law as confidential data (bank secret). HPB-nekretnine will not process your data if it is not necessary for the realization of the service you have requested, if the processing is not legally required, if there is no legitimate interest for that or if you have not given a specific personal data approval.

To provide you with the best and most complete service, in some cases HPB-nekretnine will co-operate with their partners. In this respect, HPB-nekretnine may have several important roles, which it is important to understand, in order to have a complete picture of how your data is being processed in these co-operations:

  • Processing Manager – When it independently determines the purpose of data processing, such as situations where it contracts its own products and services
  • Shared Personal Data Manager – In situations where determining the purpose of data processing with other legal entities, such as creating and offering common products
  • Executioner – When processing the personal data by the order of another subject and it does not specify the purpose of the processing, the example of such processing is the settlement of direct debit with payees
The Clients right

The protection of personal data implies significant client rights, namely:

  • Request confirmation of whether your personal information are being processed and access to your personal information and the purpose of their processing, data categories and potential recipients who process your personal information
  • Request correction of incorrect personal information if HPB-nekretnine does not updated data
  • Request deletion of data that is not necessary in relation to the purpose for which it was collected or limit the purpose of processing the personal data you have given to HPB-nekretnine, if you have a valid reason
  • File complaints about the processing procedure or the transferability of data to third parties
  • Revoke the approval based on which we process personal information, after which we cease processing your personal information for the purpose for which it was given
  • Request the transfer of your data to another processing manager

In case you want to realize any of these rights, and all of the prerequisites are fulfilled, apply for realization of the right in writing by mail to the address below, by e-mail to dpo@hpb.hr or in the HPB-nekretnine offices.

HPB-nekretnine Personal Data Processing and Protection is in compliance with the legal regulations regulating the processing of personal data. For that reason, we have adopted the Privacy Policy of Hrvatska poštanska banka, where in one place we provide information about your rights and our obligations regarding personal data.

The Privacy Policy of Hrvatska poštanska banka is available at www.hpb.hr.

Contact information
Hrvatska poštanska banka
Jurišićeva 4, 10000 Zagreb
hpb@hpb.hr
Personal Data Protection Officer: dpo@hpb.hr
HPB-nekretnine d.o.o.
Amruševa 8, 10000 Zagreb
hpb.nekretnine@hpb.hr

If you feel that your right to protection of personal data has been violated, you can file a complaint with the Personal Data Protection Agency (AZOP) to the following e-mail address: azop@azop.hr.

As Data Processing Managers, we have the right to prevent the deletion of your personal data, to refuse limiting the purpose, or to prevent transferring data to third parties, if doing so we are unable to fulfil the service you requested from us, or if the keeping certain personal data is prescribed by a special law and we are obliged to keep them.

Assigning and transferring data

In the case of a contract on business or technical cooperation, we may forward your personal data to an external contractor, who has professional competencies and  provides sufficient guarantees regarding the provision of adequate personal data protection measures, and with which HPB-nekretnine d.o.o. has signed a contract of cooperation, all for the purpose of providing you with a faster and more quality service. In case you ask for the other services listed above, your personal data will not leave the HPB Group.

In order to provide you with a more favourable and more acceptable service, we may share your personal data with HPB Group members. The HPB Group continually undertakes significant organizational and technical measures to protect your personal information.

We would like to inform you that there is a possibility that the service we have supplied to you will be used in the future within the HPB Group to improve our own business and the quality of our own services.

Data keeping deadlines

We keep your personal information 10 + 1 year, as required by the Decision on Document Archiving, issued on April 26, 2018 by the Board of HPB-nekretnine, which is based on legal regulations (such as the Law on Money Laundering and Terrorist Financing) or our legitimate interest in solving potential complaints or disputes.

Thank you for your trust. We hope to continue the successful cooperation!

Yours faithfully,

HPB-nekretnine d.o.o.

Personal data protection policy

Data protection has an important place in Hrvatska poštanska banka Group’s business which in its everyday operations collects and processes personal data of customers, employees, business partners and other persons with whom it cooperates in business. This Policy sets forth the fundamental principles of, and rules on the data protection in compliance with the business and security requirements of HPB Group, as well as with laws, best practices and internationally accepted standards.

The Personal Data Protection Policy is the fundamental act describing the purpose and goals of collecting, processing and managing personal data within HPB Group, based on the leading global practices in the area of personal data protection. The Policy ensures the adequate level of data protection in compliance with the General Data Protection Regulation and other applicable current laws in connection with personal data protection, ensured additionally by the Group by detailed internal Acts.

All members of HPB Group have adopted this Policy.

Contacts:
Hrvatska poštanska banka d.d.
Jurišićeva 4, 10000 Zagreb
hpb@hpb.hr
Personal Data Protection Officer: dpo@hpb.hr