• Home
  • Privacy policy

Privacy policy

 

PERSONAL DATA PROTECTION POLICY (Web Form)

Introduction


Benko Kotruljic d.o.o. is an accounting, financial services, tax and business consulting services provider (hereinafter referred to as Organization). Organization specializes in accounting services for multinational corporations, financial institutions and all sizes companies. In addition to the mentioned services, Organization provides salaries, staffing and tax records and salaries for domestic employers and those who are delegated to work in or outside the Republic of Croatia. Organization provides payments on behalf of clients, tax representation services, data archiving and other services in the domain of primary services. Since Company Clients operate in areas of various tax, accounting and other regulations, Organization provides a business advisory regarding compliance with local regulatory framework.

In its business processes the Organization has two key roles, acting as a Data Controller and acting as a Data Processor.

Web business segment

Within its web business segment (except for internal network), the Organization acts as a Data Controller.
Within the web business segment, Organization collects the following personal information:

Visiting a website without logging in and / or filling in a web form:

  • IP address and internet domain of the user

Visit the web site with the registration and / or fill out of the web contact form:

  • Name and surname
  • Username
  • E-mail address
  • IP address
  • Internet domain

Data collected for this purpose may be used solely for an internal marketing analysis purpose, where pseudonymization, minimization, encryption and other forms of protection are pre-defined by the ISMS policies of the Organization.

  • By clicking "I agree" at the bottom of the page, it is considered that the site visitor has consented to collecting IP addresses and domains.
  • By clicking on the additional option of sending in the web contact form, the client is considered to have consented to collecting the IP address, domain name and last name and e-mail address.
  • By clicking on the option to “I agree” the login form on the internal portal of the website, it is considered that the client has given consent to collect the IP address, the domain name and surname, the e-mail address and the username.

Visitors may request at any time the erasing of the collected data for that part of the processed data which is under the scope and control of the Organization.

 

The purpose of the personal data protection policy

The Personal Data Protection Policy is part of the comprehensive Information protection policy of the organization Benko Kotruljic d.o.o. framed by the international standard ISO / IEC 27001: 2013.
The purpose of the personal data protection policy is to show aspects of legal data protection in a single summary of the document. The policy can be used as a basis for carrying out an internal data protection audit as well as third-party inspections, such as inspection required by the customer in the processing of customer-supplied data. The policy ensures compliance with the European Data Protection Ordinance (GDPR), while providing evidence of compliance.

Motivation to Observe Data Protection


The company's personal data security policy is a part of the general Information security policy (ISMS) of the Organization. The ISMS is a planned, constantly monitored, improved and repetitive process of the Organization. The ISMS is the paramount process.

The legal framework in the Organization

•    Organization-specific Personal Data Management Regulations with a Request for Enhanced Supervision of Specifically Sensitive Data Processing
•    Requirements of internal and external parties
•    Applicable laws, possibly with special local regulations
•    Internal and external inspections were carried out
•    Data Protection: Determining the need for protection in terms of confidentiality, integrity and availability is regulated by the Organization's security information policy.
•    Existing technical and organizational measures
•    Appropriate technical and organizational measures that must be implemented and substantiated, taking into account, inter alia, the purpose of processing, state of the art and implementation costs.

Web Form Policy on Data Protection

The Web Form of Privacy Policy is an extracted part of the comprehensive policy for the protection of personal data and the information security policies of the Organization.

Clients and other interested parties who have established a business relationship with the Organization may request an access to the Comprehensive Privacy Policy.


Zagreb, 01.01.2018.