Privacy Policy
1. Data controller
Batarelo Dvojković Vuchetich law firm LLP with headquarters in Zagreb, Ulica kralja Držislava 8, PIN: 32850554658 (“BDV” or “we” or “us”) hereby notifies you in accordance with Article 12, 13 and 14 of the General Data Protection Regulation (“GDPR”) on the information who is the data controller (responsible person for processing personal data), who are the recipients of data (persons authorised to receive the data in accordance with the contract and the legal provisions), which personal data ought to be processed, for what purposes, and how long we store the data.
BDV acts as a data controller within the meaning of the GDPR, and this Privacy Policy (“Policy”) gives an insight into our procedures regarding the collection and processing of personal data and the terms of use of our website.
2. Types of processed personal data
BDV collects and processes personal data about you (e.g. information that can directly or indirectly identify you, especially with identifiers such as name, surname, academic title, title, PIN, birth date, address, phone, email, company where you are employed, location information, IP address (“Personal Data”), in the following cases:
- when you are our client,
- when you ask us to send you an inquiry regarding our services,
- when we process data in accordance with our legal obligations (Attorneys Act, Anti Money Laundering and Terrorism Financing Act, Accounting Act, tax laws),
- when you contact us via the contact form or via e-mail,
- when we process your job application,
- when you visit our website and use the specific functionalities of our website.
BDV will not collect Personal Data unless you voluntarily provide it to us, except for certain Personal Data collected through the information systems and programs used for the operation of our website, whose transmission is necessary for the use of internet communication protocols and will not require more information than necessary for performing certain activity. If you do not want to provide us with Personal Data (except Personal Data relating to the use of internet communication protocols that are usually collected when visiting the website), you can still access our website, but you will not be able to sign in to the Client Intranet, apply for a job or contact us.
3. Data that we process
3.1. Cookies
Categories
Cookies are small files that are stored on your computer, which tell us which parts of our site the users visited. Cookies also provide us insight into user behaviour, in order to improve communication on the website:
FIRST CATEGORY – STRICTLY NECESSARY COOKIES
These cookies are the key to enabling browsing our websites and using their features. Without these cookies using of our website is not possible.
SECOND CATEGORY – FEASIBLE COOKIES
These cookies collect information on how you use our website – e.g. which sub-sites you visit the most. These data can be used to optimize our web-places and to make them easier to navigate. These cookies do not collect data based on which you may be identified. All data collected by these cookies are gathered and the collected data is anonymous.
THIRD CATEGORY – FUNCTIONALITY COOKIES
These cookies allow web-places to remember your selections while browsing. For example, we may store your geographic location in the cookie in order to take care of showing you our web-place localized for your area. It is possible that we will remember personal settings such as text size, fonts and other adaptable website elements. The data that these cookies collect will not personally identify you and can not track your activity while browsing on web-places outside this site.
Cookies that are not strictly necessary are activated only after the consent of the visitor. If the visitor of our website accepts these cookies, Google Analytics analyses (with an anonymizing function) are activated. We collect log information and information on the number of visitors on certain parts of our website. Google analyses the usage of the site, and cookies allow analysing visits by assigning a unique, randomly generated ID to your device by which your device is identified when visiting the site later.
The duration of the cookie is 2 (two) years. If you are visiting our site for the first time, a notification asking you to give us the consent to use Google Analytics will be displayed. If you give your consent, we will store the cookie on your computer and that notification will not appear until the expiration of the cookie. After the expiration of the cookie or if you actively delete the cookie beforehand, the notification will reappear during your next visit to our site and the invitation to give the consent will reappear.
You can disable cookies from being set with the appropriate browser changes at any time. You can withdraw your consent for web-analysis at any time by downloading and installing the Google Browser Plugin. This add-in lets Google Analytics know trough JavaScript that your information on the visit are not to be collected and processed. Google considers installation of the mentioned add-on to the browser as a valid object to collecting personal data. If at any later moment the deletion, formatting or reinstalling of the computer system of the data subject occurs, the data subject will need to reinstall the add-on to the browser to disable the action of Google Analytics.
For further information on Google Analytics please check the Google Analytics’ Terms of Service, Google Analytics’ Data privacy and security as well as Googles’ Privacy Policy.
You can withdraw your consent for web-analyses at any time by clicking on the following link:
WITHDRAW THE COOKIE CONSENT
3.2. Open Job Applications
BDV collects open applications of candidates who want to work with us. Only authorised persons within BDV, bound by confidentiality statement, who process those open job applications for the purpose of contacting the candidate and possible recruitment have the access to data from the open job applications. The data is stored up to 2 (two) years from the date of receiving the open job application, in order to contact specific candidates if needed.
3.3. Job Contests
The BDV processes Personal Data of the candidates who apply to our job contest and keeps them to the final completion of the job contest. After completing the job contest, BDV keeps Personal Data of the selected candidates with whom we enter into the Employment Agreement and Personal Data of the candidates who gave us the consent to remain in our database for up to 2 (two) years after the application for the job contest. Only authorised persons within the BDV have access to candidates’ Personal Data, and they process and analyse applications for the purpose of contacting the candidate and possible recruitment.
3.4. BDV’s summer Student Practice Program
BDV collects open applications of candidates who are interested in the BDV’s summer Student Practice Program. The access to the Personal Data from the open applications only have the authorised persons within BDV, bound by the confidentiality statement, who process and analyse open applications for the purpose of contacting the candidate and the data is kept for up to 2 (two) years from the date of receiving the open application.
3.5. Social Networks
The BDV has access to Personal Data on its contacts on social networks that are published, such as name and surname, employer’s company, likes, comments, connection requests, messages and memberships in certain groups. BDV uses social networks to respond to potential inquiries of related persons and to inform members of the social network about the news in its work.
3.6. Business co-operation with clients
BDV Clients are the persons with whom we have entered into an agreement on providing legal services in relation to representation and legal counselling (“Client” or “Clients”).
As attorneys we are obliged to keep confidential, as the attorney-client privilege, all the information pertaining to the Client and the subject of representation, all in the interest of the Client.
We keep the data for 10 (ten) years from the termination of the business cooperation and the transaction execution, or for 5 (five) years in the case of data of the authorised person, its deputy, client risk assessment, professional training and employee training and conducting an internal audit, after which the Personal Data is deleted, and the documentation is destroyed in accordance with the regulations governing the protection of Personal Data. If a certain Client wishes that the documentation is kept longer than the stated deadline, the BDV should be notified of it.
During the representation of the Client, BDV may get to know of or create confidential information. BDV will not, without the explicit consent of the Client, share these information with third parties, except for the members of the team working on the Client’s business, whom disclosing of these information is intended for, or which they have to know for the purpose of proper providing legal services. Also, we will take the necessary precautions to maintain the confidentiality of these information.
BDV will not, without explicit prior written consent of the Client, specify the Client as a reference, or specify the basic transaction data (including the value of the project related to which we are entrusted with representation). Regarding that, if the Client gives the explicit consent, certain professional publications that are ranking BDV on a yearly basis may sometimes contact our Clients.
BDV complies with the provisions of the applicable anti-money laundering laws in the Republic of Croatia. In order to comply with all statutory provisions, we are authorised to request additional evidence of Client’s identity in accordance with the applicable regulations. The BDV is obliged to inform the competent authorities about all potential cases of money laundering and is not obligated to compensate the Client for any damages arising as a result of the fulfilment of legal obligations.
The BDV, within its obligations under the Prevention of Money Laundering and Terrorism Financing Act (making a risk assessment of money laundering and terrorism financing, conducting due diligence measures of the client and other), collects personal information of the persons with whom it establishes a business cooperation or carries out the transaction. The data refers to first and last name, a copy of the ID card, residence, date of birth, identification number and nationality if the person is a natural person, and name, headquarters, identification number, legal form, and name and surname, identification number, address, e-mail, and telephone number of the legal representative if the person is a legal entity, while for all Clients we collect data such as purpose and nature of the business relationship, the Client’s business, sources of funds that are the subject of the business relationship and the time of establishing the business relationship.
4. Purposes, legal grounds for processing, and possible consequences of not providing Personal Data
When you provide your Personal Data or when we receive your Personal Data, we will limit the processing of Personal Data for purposes for which they have been collected in accordance with this Policy. Processing your Personal Data includes:
- taking steps on your request before signing contract (e.g. answering your questions and comments, meeting your requirements, submitting bids, receiving bids, communicating with you, processing an open application or signing up for a job),
- execution of a contract to which you are a party (e.g. providing legal services, providing access to certain areas and features on a website),
- investigating suspicion of fraud, harassment, physical threat or other violations of any laws, rules or regulations, web-site policy or the rights of third parties; or researching any suspicious behaviour that we find indecent,
- compliance with the legal obligation to which the BDV is subject (e.g. for disclosures prescribed by law, other regulations or court orders),
- processing for the purposes of, or in connection with, legal proceedings, establishing, defending or enforcing legal rights,
- performing data analytics or delivering communications via electronic tools (e-mail, social network), whether automated or not, in accordance with the appropriate legal bases, based on legitimate interest or given consent of data subject.
Giving Personal Data for the Purposes 1 to 5 above is voluntary, but any refusal to provide such data may disable BDV to enter into contract with you, respond to your requests, provide you with legal services, receive and process your application, and to comply with the legal obligations under which the BDV is subject.
The provision of Personal Data for the purposes described under number 6 is also voluntary. Failure to provide such Personal Data may prevent the BDV from carrying out data analytics or communicating with you in certain situations. We can still contact you for administrative purposes, such as a receipt or processing of your further requests.
In case you gave us consent for a specific purpose, you may in any case withdraw your consent and, in that case, the BDV will no longer process your Personal Data for this purpose, without any negative consequences.
5. Recipients
Your Personal Data may be disclosed, in close connection with the above purposes to:
- entities that need to send mail or email, remove recurring information from the list of recipients of services, analyse data and provide support, provide user services, and which typically handle Personal Data on behalf of BDV as processing executives, such as a cloud provider (as defined in Article 6 below);
- entities that maintain our IT systems;
- entities providing us with accounting services that are subject to the appropriate contractual obligation of confidentiality;
- persons authorised by the BDV for the processing of Personal Data, subject to the corresponding legal obligation of confidentiality (employees of BDV);
- BDV associates, who are subject to the appropriate contractual obligation of confidentiality;
- persons participating in the BDV Student Practice Program, who are subject to the appropriate contractual obligation of confidentiality;
- competent authorities and public authorities when required by applicable law or in good faith (for example, to comply with the provisions of the law or legal proceedings in relation to the BDV for the purpose of protecting and defending the rights or property of the BDV or, in urgent circumstances, the security of BDV clients or the public);
- business partners for their needs, only in accordance with appropriate legal grounds.
6. Transfer of Personal Data to third countries
BDV transfers Personal Data to US based cloud provider (data processors) who have accessed the Privacy Shield Agreement between the EU and the US, thus ensuring adequate protection of personal data. Relevant contractual clauses regarding protection of personal data are concluded with the processors.
7. Data retention
The BDV will process your Personal Data only for the time necessary to achieve the purposes described in Article 4 of this Policy.
In addition to the foregoing, the BDV will keep your Personal Data as required or permitted in accordance with applicable laws (e.g. at least 11 years, according to the Accounting Act, we shall keep documents based on which the data are entered into the accounting books, 10 years in accordance with Law on Attorneys and 5 or 10 years in accordance with the Anti Money Laundering and Terrorism Financing Act).
8. Your rights
The BDV informs you that, in accordance with and to the extent permitted by applicable laws, you have the right to request from the BDV access and correction or deletion of Personal Data, or processing limitations related to your Personal Data, as well as to object to processing activities and to file a complaint with the competent authority (in the Republic of Croatia to Personal Data Protection Agency). You also have the right to know the recipients or categories of recipients to which your Personal Data was or will be disclosed, especially to recipients in third countries.
9. Connection to the other websites
Our website may contain links to other websites that are not owned, managed, or maintained by the BDV. When you leave the site, you should notice and read the terms and privacy policy of each website you visit. Also, you should independently assess the authenticity of any website that appears or claim to be one of our sites (including those associated with an e-mail). Notwithstanding any links that may exist on our website, unless otherwise stated, we do not control, recommend or support, and are not affiliated with, these websites or their content, products, services or privacy policies. Downloading material from certain websites may result in a violation of intellectual property rights or the introduction of a virus into your computer system.
10. Security practices
The security of your Personal Data is of paramount importance, so we have set up the appropriate physical, electronic, and control procedures, as well as technical and organisational measures to protect the data we collect. Because of the open nature of the Internet, we cannot guarantee that communication between you and us or the information stored on our website or on our servers will be completely safe from unauthorised third-party access.
11. Competent law/jurisdiction
All questions related to our website and this Policy are governed by Croatian law. You agree that in connection with the procedure pertaining to this website and this Policy will be exclusive and local jurisdiction of the courts in the Republic of Croatia. We do not warrant or imply that our content/materials on our website are suitable for use outside the Republic of Croatia.
12. Compliance with the rules of the Croatian Bar Association
BDV has been approved and regulated by the Croatian Bar Association as a law firm.
This website is in line with the rules of the Croatian Bar Association for websites of attorneys at law, dated February 14, 2009.
Information on the Attorneys’ Code of Ethics can be found on the website http://www.hok-cba.hr/.
The Code, as well as all other regulations referred to by the Code, govern the BDV’s business.
The information on our website related to any service is only applicable in the Republic of Croatia and is not considered as legal advice.
13. Disclaimer
If any provision of this Policy is punitive, damaging or non-enforceable, such provision shall not apply to the extent to which it is null and void or inexcusable, provided that this does not affect the validity of the remaining provisions of this Policy.
14. Changes and updates of the Policy
BDV reserves the right to amend or update this Policy at any time and without prior notice. Please check from time to time any changes or updates to our policies that will be posted here with updated effective date on the first page of the Policy if any changes or updates are made.
15. Contact information
If you have any questions or comments regarding this Policy, you can contact us through our online form available at www.bdvlegal.com/contact/, by e-mail info@bdvlegal.hr, or by phone +385 1 5626 001.
Your BDV team