Privacy Policy

1. DATA CONTROLLER

Batarelo Dvojković Vuchetich Law Firm d.o.o. with headquarters in Zagreb, Ulica Milana Amruša 19, PIN: 32850554658 (BDV or “we” or “us”) hereby notifies you in accordance with Article 12, 13 and 14 of the General Data Protection Regulation (GDPR) who is data controller (responsible for processing personal data), who are the recipients of data (persons authorised to receive the data in accordance with the contract and the legal provisions), which personal data ought to be processed, for what purpose, and how long we keep the data.

BDV acts as a data controller within the meaning of the GDPR, and this Privacy Policy (Policy) gives an insight into our procedures regarding the processing of personal data and the terms of use of our website.

The BDV has appointed a Data Protection Officer, in accordance with the GDPR, and any questions regarding personal data processing can be redirected to: marija.boskovic@bdvlegal.com.

 

2. TYPES OF PERSONAL DATA WHICH WE PROCESS

BDV collects and processes personal data about you (e.g. information that can directly or indirectly identify you, especially with identifiers, such as name, surname, academic title, title, personal identification number, birth date, address, telephone, email, company where you are employed, location information, IP address (Personal Data), in the following cases:

  • when you are our client,
  • when you ask us to send you an inquiry regarding our services,
  • when processing data in accordance with our legal obligations (Law on Attorneys, Law on Anti Money Laundering and Terrorist Financing, Accounting Law, tax laws),
  • when you contact us via the contact form or via e-mail,
  • when we process your job application,
  • when you visit our website and use the specific functionality of our website.

BDV will not collect Personal Data unless you voluntarily provide it to us, except for certain Personal Data collected through the information systems and programs used for the operation of our website, whose transmission is necessary for the use of internet communication protocols and will not require more information than is necessary for performing certain activities. If you do not want to provide us with Personal Data (except Personal Data relating to the use of internet communication protocols that are usually collected when visiting the website), you can still access our website but you will not be able to sign in to the Client Intranet, contact us or apply for a job at BDV.

 

3. DATA THAT WE PROCESS

 

3.1. COOKIES

Cookies are small files that are stored on your computer, which tell us which parts of our site you visited. Cookies also give us insight into the behaviour of the user, so we can improve the communication on the website.

We collect log information and information about the number of visitors to certain parts of our website. If you visit our website for the first time, we’ll be alerting you to give us consent to the use of Google Analytics, analysis activities from Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (Google). We collect the log information and information about how many visitors visited specific parts of our website. Google analyses the use of the website and cookies enable analysis of the visits to the website by assigning a unique randomly generated ID to your device according to which your device is identified when visiting the website later. The information that Google collects regarding your use of our website (e.g., your entry URL, the webpages you visited on our website, the web browser you are using, your language preferences, the operating system you are using, or the resolution of your display) are uploaded to Google’s server in the US, they are stored, analysed, and become available to us in an anonymous form. Data on your usage is not associated with your full IP address. We have activated on this website Google’s IP anonymisation function so that the last 8 digits (type Ipv4) or the last 80 bits (type Ipv6) of your IP address are deleted.

Google and BDV in this case are considered to be joint controllers in accordance with the GDPR and Google is certified with the EU-US Privacy Shield, so that data processing by Google in the United States applies an appropriate level of personal data protection. For further information on Google Analytics, please see the Google Analytics Terms of Use, the Google Analytics Security and Privacy Policy as well as the Google Privacy Statement.

If you give consent for Google Analytics, we’ll store the cookie on your computer and the cookie notification will not appear for a year, which is the set cookie duration. After the cookie expires or if the cookie is deleted or the consent is withdrawn, the cookie notification will reappear on our website.

You can withdraw your consent to these web analytics at any time by clicking the following link:
WITHDRAW COOKIE CONSENT

 

3.2. OPEN JOB APPLICATIONS

BDV collects open applications from candidates who want to work with us. Only authorised persons within the BDV have access to these data, who are bound by confidentiality statement. Open applications are processed for the purpose of contacting the candidate and possible recruitment. The data is kept for 2 (two) years from the date of receipt of the open application, in order to contact specific candidates if needed.

 

3.3. JOB APPLICATIONS

The BDV processes the Personal Data of the Applicants who appear in our job contest and keeps them up to the final completion of the job contest. After completing the selection process, we keep Personal Data of the selected candidates with whom we conclude the employment contract and Personal Data of candidates who gave us consent in order to remain in our database for a period of up to 2 (two) years after the application has been submitted. Only authorised persons within the BDV have access to these data, and they process and analyse applications for the purpose of contacting the candidate and possible recruitment.

 

3.4. BDV SUMMER PROGRAM

BDV collects open applications from students who are interested in the BDV Summer Program. Only authorised persons within the BDV have access to candidates’ Personal Data, who are bound by a confidentiality statement. They process and analyse open applications for the purpose of contacting the candidate again and keep the data up to 2 (two) years from the date of receipt of the application.

 

3.5. SOCIAL NETWORKS

The BDV has access to Personal Data on its LinkedIn profile, such as name and surname, workplace, likes, comments, connections, messages and memberships in specific groups. BDV uses social networks to respond to inquiries of related persons and to inform members of the social network about the novelties in its work.

 

3.6. BUSINESS CO-OPERATION WITH CLIENTS

BDV Clients are the persons with whom we have concluded an agreement on providing legal services in relation to representation and legal counselling (Client or Clients).

As lawyers, we are obliged to keep confidential all the information pertaining to the Client and the subject of representation, all in the interest of the Client.

The data regarding business cooperation are kept for 10 (ten) years from the termination of the business relationship and the performance of the transaction and 5 (five) years in the case of data about the authorised persons, client risk assessment, professional training, and employee training and internal audit. The data is deleted and the documentation is destroyed in accordance with the regulations governing the protection of personal data. If a Client wishes to keep the documentation longer than the specified deadline, the BDV must be notified of the same.

During the representation of the Client, BDV may become aware of or create confidential information. BDV will not, without explicit consent of the Client, share this information with third parties, except for the members of the team working on the Client’s affairs, who are intended to disclose such information, that they must know for the purpose of providing legal services. Also, we will take the necessary precautions to maintain the confidentiality of this information.

BDV will not, without prior written consent of the Client, provide basic Client’s project information (including the value of the project with respect to which we are entrusted with representation). In this connection, if the Client expressly agrees, certain professional publications that are ranked on a yearly basis may sometimes contact our Clients.

The BDV is obliged to respect all provisions of the applicable anti money laundering and terrorism financing laws in the Republic of Croatia. In order to comply with all statutory provisions, we are authorised to request additional proof of Client’s identity in accordance with applicable regulations. The BDV is obliged to notify the competent authorities about all potential cases of money laundering and is not obligated to compensate the Client for any damages arising as a result of the fulfilment of legal obligations.

The BDV, within its obligations under the anti-money laundering laws (risk assessment of money laundering and terrorist financing, the conduct of due dilligence), collects personal information of the persons with whom it establishes a business relationship or carries out the transaction. The data refer to the first and last name, a copy of the ID card, the residence, the date of birth, the identification number and the nationality if the person is a natural person and the name, headquarters, identification number, legal form, and name and surname, identification number, address, e-mail, and the legal representative’s telephone number, while for all Clients we collect data such as the purpose and nature of the business relationship, the Client’s business, sources of funds that are the subject of the business relationship and the time of establishing the business relationship.

 

4. PURPOSES, LEGAL GROUNDS FOR PROCESSING, AND POSSIBLE CONSEQUENCES OF NOT PROVIDING PERSONAL DATA

When you provide your Personal Data or when we receive your Personal Data, we will limit the processing of Personal Data for purposes for which they have been collected in accordance with this Policy. Processing your Personal Data includes:

1 taking steps on your request before signing contract (e.g. answering your questions and comments, meeting your requirements, submitting bids, receiving bids, communicating with you, processing an open application or signing up for a job),
2 execution of a contract to which you are a party (e.g. providing legal services, providing access to certain areas and features on a website),
3 investigating suspicion of fraud, harassment, physical threat or other violations of any laws, rules or regulations, or the rights of third parties; or researching any suspicious behaviour that we find indecent,
4 compliance with the legal obligation to which the BDV is subject (e.g. for disclosures prescribed by law, other regulations or court orders),
5 processing for the purposes of, or in connection with, legal proceedings, establishing, defending or enforcing legal rights,
6 performing data analytics or delivering communications via electronic tools (e-mail, social network), whether automated or not, in accordance with the appropriate legal bases, based on legitimate interest or given consent of data subject.

Giving Personal Data for the Purposes 1 to 5 above is voluntary, but any refusal to provide such data may disable BDV to enter into contract with you, respond to your requests, provide you with legal services, receive and process your application, and it adheres to the legal obligations under which the BDV is subject.

The provision of Personal Data for the purposes described under number 6 is also voluntary. Failure to provide such Personal Data may prevent the BDV from carrying out an analytics or communicating with you in certain situations. We can still contact you for administrative purposes, such as a receipt or processing of your further requests.

In case you gave as consent, you may in any case withdraw your consent and in that case the BDV will no longer process your Personal Data for this purpose, without any negative consequences.

 

5. RECIPIENTS

Your Personal Data may be disclosed, in close connection with the above purposes to:

– entities that need to send mail or email, remove recurring information from the list of recipients of services, analyse data and provide support, provide user services, and which typically handle Personal Data on behalf of BDV as processing executives, such as a cloud provider (how defined in Article 6 below);
– entities that maintain our IT systems;
– entities providing us with accounting services that are subject to the appropriate contractual obligation of confidentiality;
– persons authorised by the BDV for the processing of Personal Data, subject to the corresponding legal obligation of confidentiality (employees and associates of BDV);
– BDV associates, who are subject to the appropriate contractual obligation of confidentiality;
– persons participating in the BDV Student Practice Program, who are subject to the appropriate contractual obligation of confidentiality;
– competent authorities and public authorities when required by applicable law or in good faith (for example, to comply with the provisions of the law or legal proceedings in relation to the BDV for the purpose of protecting and defending the rights or property of the BDV or, in urgent circumstances, the security of BDV clients or the public);
– business partners for their needs, only in accordance with appropriate legal grounds of processing.

 

6. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

BDV transfers Personal Data to US based cloud provider (data processors) who have accessed the Privacy Shield Agreement between the EU and the US, thus ensuring adequate protection of personal data. BDV uses the following cloud services: Clio, Microsoft Office 365, Trello, and Zoho.

Trello is the tool we use to organize our work so that at any time we have an insight into what we are doing, who in our team is doing it, and in which stage is a specific project. Trello tool is the product of Trello, Inc. based in New York, USA, which is a signatory to Privacy Shield. In this sense, Trello and BDV represent joint controllers according to the GDPR. The servers for these services are located on Amazon Web Services (“AWS”) platforms and all personal information is located in AWS security centres. When transmitting data between affiliated companies, Trello respects the Standard Data Protection Clauses approved by the European Commission and is a signatory to the EU-US Privacy Shield Agreement. More information on Trello’s Privacy Policy is available at https://trello.com/privacy.

 

7. DATA RETENTION

The BDV will process your Personal Data only for the time necessary to achieve the purposes described in Article 4 of this Policy, unless this Policy otherwise specifies. Given the purpose described in Article 4 under 1. and 5., your Personal Data will be processed until you exercise your right to object or until you withdraw your consent.

In addition to the foregoing, the BDV will keep your Personal Data as required or permitted in accordance with applicable laws (e.g. at least 11 years, according to the Accounting Act, we shall keep documents based on which the data are entered into the accounting books, 10 years in accordance with Law on Attorneys and 5 or 10 years in accordance with the Law on the Prevention of Money Laundering and Financing of Terrorism).

 

8. DATA SUBJECTS’ RIGHTS

The BDV informs you that, in accordance with the extent permitted by applicable laws, you have the right to request from the BDV access and correction or deletion of Personal Data, or processing limitations related to your Personal Data, as well as to object to processing activities and to file a complaint with the competent authority (in the Republic of Croatia to Personal Data Protection Agency). You also have the right to know the recipients or categories of recipients to which your Personal Data was or will be disclosed, especially to recipients in third countries.

 

9. CONNECTION TO THE OTHER WEBSITES

Our website may contain links to other websites that are not owned, managed, or maintained by the BDV. When you leave the site, you should notice and read the terms and privacy policy of each website you visit. Also, you should independently assess the authenticity of any website that appears or claim to be one of our sites (including those associated with an e-mail). Notwithstanding any links that may exist on our website, unless otherwise stated, we do not control, recommend or refuse, and are not affiliated with, these websites or their content, products, services or privacy policies. Downloading material from certain websites may result in a violation of intellectual property rights or the introduction of a virus into your computer system.

 

10. SECURITY PRACTICES

The security of your Personal Data is of paramount importance, so we have set up the appropriate physical, electronic, and control procedures, as well as technical and organisational measures to protect the data we collect. Because of the open nature of the Internet, we can not guarantee that communication between you and us or the information stored on our website or on our servers will be completely safe from unauthorised third party access.

 

11. COMPETENT LAW/JURISDICTION

All questions related to our website and this Policy are governed by Croatian law. You agree that in connection with the procedure pertaining to this website and this Policy will be exclusive and local jurisdiction of the courts in the Republic of Croatia. We do not warrant or imply that our content/materials on our website are suitable for use outside the Republic of Croatia.

 

12. COMPLIANCE WITH THE RULES OF THE CROATIAN BAR ASSOCIATION

BDV has been approved and regulated by the Croatian Bar Association as a law firm. This website is in line with the rules of the Croatian Bar Association for websites of attorneys at law, from February 14, 2009. Information on the Attorneys’ Code of Ethics can be found on the website http://www.hok-cba.hr/. The Code, as well as all other regulations referred to by the Code, govern the BDV business. The information on our website related to any service is only applicable in the Republic of Croatia and is not considered as legal advice.

 

13. DISCLAIMER

If any provision of this Policy is punitive, damaging or non-enforceable, such provision shall not apply to the extent to which it is null and void or inexcusable, provided that this does not affect the validity of the remaining provisions of this Policy.

 

14. CHANGES AND UPDATES OF THE POLICY

BDV reserves the right to amend or update this Policy at any time and without prior notice. Please check from time to time any changes or updates to our policies that will be posted here with updated effective date on the first page of the Policy if any changes or updates are made.

 

15. CONTACT INFORMATION

If you have any questions or comments regarding this Policy or our website, you can contact us through our online form available at www.bdvlegal.com/kontakt/, by e-mail info@bdvlegal.hr, or by phone +385 1 5626 001.

Your BDV team

Start typing and press Enter to search