Privacy Policy

Here is a faithful, professional English translation, preserving the legal tone, structure, and intent of the original Croatian text:

DPS SPECIALTY d.o.o. – Notice on the Processing of Personal Data

The insurance intermediary DPS SPECIALTY d.o.o. (the Intermediary / Data Controller), by means of this Notice on the Processing of Personal Data (hereinafter: the Notice), informs the Client (“you” / the Data Subject) about the processing of the Client’s personal data in the course of performing insurance distribution activities, with the aim of ensuring compliance with the principles of personal data processing in accordance with the Insurance Act (“Official Gazette” Nos. 30/2015, 112/2018, 63/2020, 133/2020, 151/2022 and 152/2024; hereinafter: the Insurance Act) and regulations governing the protection of personal data.

Through this Notice, the Intermediary explains how, in its capacity as a data controller, it processes the Client’s personal data. Please read this Notice carefully in order to better understand which data the Intermediary collects, how it uses them, and for what purposes.

WHO IS RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA?

As the data controller, the Intermediary determines the purposes and means of processing the Client’s personal data and, in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679), is responsible for the processing of the Client’s personal data.

If you wish to contact the Intermediary regarding this Notice or your personal data, please use the following contact details:

DPS SPECIALTY d.o.o., a limited liability company for insurance and reinsurance brokerage,
Vankina ulica 22, HR-10000 Zagreb, Croatia
OIB: 65635169352
Tel: +385 91 598 0886
E-mail: [email protected]

WHAT IS THE LEGAL BASIS FOR PROCESSING AND FOR WHAT PURPOSES ARE PERSONAL DATA USED?

In performing its registered business activity, the Intermediary is obliged, pursuant to Article 211.e of the Insurance Act, to process personal data in accordance with regulations governing the protection of personal data, and pursuant to Article 386, paragraph 2 of the Insurance Act, to maintain business secrecy when participating in the processing of personal data in the role of data controller in accordance with Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text relevant for the EEA) (OJ L 119, 4.5.2016) (hereinafter: GDPR).

The Intermediary processes the Client’s personal data in accordance with the GDPR, the Act on the Implementation of the General Data Protection Regulation (“Official Gazette” No. 42/2018), and other applicable personal data protection regulations.

The Intermediary processes the Client’s personal data for the purposes stated in this Notice, based on the following legal grounds:

Performance of a Contract or Taking Steps at the Client’s Request Prior to Entering into a Contract

The Intermediary processes the Client’s personal data in the performance of insurance and reinsurance distribution activities for the purpose of performing a contract, to the extent such personal data are necessary for contract performance, or in order to take steps at the Client’s request prior to entering into a contract, as well as for the purpose of performing other tasks and activities related to insurance distribution through which the Intermediary fulfills statutory and contractual obligations and which may reasonably be expected.

Compliance with Legal Obligations

The Intermediary processes the Client’s personal data in order to comply with legal obligations, such as the retention of business documentation, record-keeping, submission of reports, determination of the Client’s demands and needs, assessment of the suitability of insurance products, submission of data to public authorities and supervisory bodies, implementation of measures to prevent money laundering and terrorist financing, and in other cases prescribed by law.

Legitimate Interests

The Intermediary is entitled to process the Client’s personal data for the purposes of its legitimate interests, except where such interests are overridden by the Client’s interests or fundamental rights and freedoms requiring the protection of personal data. In doing so, the Intermediary takes into account the Client’s reasonable expectations regarding the processing of personal data based on a contractual or other relationship with the Intermediary.

A legitimate interest exists, for example, where the processing of personal data is necessary for the prevention and detection of criminal or misdemeanor offenses, fraud prevention, protection of property and individuals, transfer of personal data between data controllers and processors for the purpose of performing service agreements and related administrative needs (such as invoicing). Furthermore, the Intermediary may process personal data for the purpose of contacting the Client as a visitor of the Intermediary’s website in order to provide support, conduct direct marketing, and perform market research, for example where cookies necessary for website functionality are used or where notifications and offers are sent based on prior business relationships or inquiries.

Consent

The Intermediary may process personal data based on the consent given by the Client for one or more specific purposes, whereby such consent represents a freely given, specific, informed, and unambiguous indication of the Client’s agreement to the processing of personal data relating to them, such as a written statement, including electronic form, or an oral statement.

The Intermediary will request consent, for example, when processing special categories of personal data, unless such processing is necessary for the establishment, exercise, or defense of legal claims, or unless otherwise prescribed by binding or applicable regulations.

When processing personal data based on consent, the Intermediary informs the Client of the right to withdraw consent at any time, as detailed in the section “What are the Client’s rights regarding the processing of personal data?”.

WHICH PERSONAL DATA DOES THE INTERMEDIARY PROCESS?

The Intermediary primarily processes identification data, such as first and last name, date of birth, address, personal identification number, telephone number, e-mail address, profession, and employment.

Where necessary, the Intermediary also requests additional personal data, such as data required to determine the Client’s demands and needs, risk assessment data, data relating to the insured subject matter, claims data, financial data including knowledge and experience in financial matters, financial situation and objectives, and other financial data in accordance with legal obligations, as well as data arising from business relationships with insurers and other data necessary for the performance of the Intermediary’s registered activity.

Under the above conditions, the Intermediary may also process special categories of personal data that are particularly sensitive with regard to the Client’s fundamental rights and freedoms, such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying an individual, health data, or data concerning a person’s sex life or sexual orientation.

The Intermediary may also collect and record the Client’s IP address or computer location for system administration, troubleshooting, confirmation of content downloads, or improvement of technical aspects of the online service. The Intermediary may automatically record data on website usage habits, including logs of visits to specific pages or content, which are used exclusively to improve services.

Personal data are obtained from the Client, publicly available sources or documents, or third parties such as the Client’s or the Intermediary’s business partners, insurance distributors, insurance companies and associations, public authorities, attorneys, or financial institutions.

TO WHOM ARE THE CLIENT’S PERSONAL DATA DISCLOSED?

To the extent necessary to achieve the purpose of processing or where required by binding or applicable regulations, the Intermediary may disclose the Client’s personal data to natural and/or legal persons, public authorities, or other bodies (recipients).

For the purpose of insurance and reinsurance distribution, personal data may be disclosed to insurance companies, the Intermediary’s employees as required for their job duties, business partners, and processors acting on behalf of the Intermediary (such as accounting services, lawyers, debt collection agencies, postal and courier service providers, IT service providers, financial institutions, authorized auditors, and audit firms).

In accordance with special regulations, personal data may also be disclosed to public authorities for the performance of their official duties, such as the Ministry of the Interior, competent state attorney’s offices, courts or notaries, tax authorities, or supervisory bodies.

Furthermore, personal data may be disclosed to third parties if the Client has expressly consented in writing, where required under anti-money laundering and counter-terrorism financing regulations, compulsory motor insurance regulations, for reinsurance or co-insurance purposes, or where required under the GDPR or other applicable regulations.

Processors engaged by the Intermediary process personal data exclusively on its behalf and in accordance with its instructions, under written agreements ensuring appropriate technical and organizational measures in compliance with data protection regulations.

WHERE ARE THE CLIENT’S PERSONAL DATA PROCESSED?

Personal data are processed within the European Union and the European Economic Area (EEA).

Transfers outside the EU/EEA are permitted only where an equivalent level of data protection is ensured, through adequacy decisions, standard contractual clauses, approved codes of conduct, certifications, or other safeguards in accordance with GDPR requirements.

Upon request, the Intermediary will provide further details regarding transfers outside the EU/EEA.

HOW LONG ARE PERSONAL DATA RETAINED?

Personal data are retained for as long as necessary for the purposes for which they are processed or as required by statutory retention periods.

In accordance with the Insurance Act, data are retained for the duration of the insurance contract and thereafter in accordance with statutory limitation periods for claims. Certain data are retained in accordance with specific mandatory retention regulations.

Where data are processed based on consent, they will be deleted upon withdrawal of consent unless another legal basis exists or retention is required for legal claims.

WHAT ARE THE CLIENT’S RIGHTS REGARDING PERSONAL DATA PROCESSING?

In accordance with the GDPR, the Client has the right to request from the Intermediary at any time:

Requests may be submitted via e-mail to [email protected] or by post to Vankina ulica 22, HR-10000 Zagreb.
The Intermediary may request additional information to verify identity and may refuse requests that are unfounded or excessive.

SUPERVISORY AUTHORITY

If the Client believes that personal data processing is not in compliance with applicable regulations, they have the right to lodge a complaint with the competent supervisory authority.

In the Republic of Croatia, this authority is the Personal Data Protection Agency (AZOP) (www.azop.hr).

Prior to submitting a complaint, Clients are encouraged to contact the Intermediary to resolve any concerns.

FINAL PROVISIONS

This Notice is provided to the Client on a durable medium other than paper—by e-mail and/or via the website. By providing an e-mail address, the Client confirms regular internet access and the suitability of electronic delivery. The Client may choose to receive this Notice on paper.

This Notice is issued in Croatian. A translation may be provided; however, in case of discrepancies, the Croatian version shall prevail.

In the event of material amendments, Clients will be notified in writing in a timely manner.

This Notice is effective as of 15 February 2025.