At “Pet minuta d.o.o.”, we consider the protection of personal data of our employees, users, business partners or other persons with whom we are cooperating paramount and it is an integral part of our business processes. This document describes what personal information we collect, the ways we collect it, on what grounds, for what purposes we use it, how long we keep it, with whom we share it, the steps we take to protect personal data, and the rights and choices you have in relation to the collection and use of your data.
Basic principles of data processing
In processing the personal data of our employees, clients, suppliers, subcontractors, business partners and others we adhere to the following principles:
- Legality, fairness and transparency of processing
We process data in accordance with legal practices, and the respondents are informed about the processing and purpose of the processes and are familiar with the risks, rules, safeguards and rights regarding the processing of personal data
- The scale and purpose of collected data
Only data requisite for specific, explicit and legal purposes is collected and processed only in a manner in accordance for said purpose.
Pet minuta d.o.o. ensures all measures are taken to maintain up-to-date data is accurate. In the event personal data is not accurate, it is corrected or delete as soon as possible.
- Storage limit
The data is stored in a form that allows the identification of the respondents for as long as is necessary for the purposes for which the personal data is processed.
- Integrity and confidentiality
Data shall be processed in such a way as to ensure adequate levels of security: including the protection against unauthorized or illegal processing, accidental loss, and destruction or damage
What data are we collecting, for what purpose, and how long do we keep your data?
As part of our business, we collect and process the following categories of personal
data by the following categories:
- Candidates for Employment (Selection Process)
If you submit your application for work to Five, we will collect and process your personal information based on your legitimate interest and with your consent (when submitting your application). We collect the minimal data so that we can make a selection for the purpose of assessing potential candidates for a particular job.
Based on a legitimate interest in obtaining employment rights, compliance with statutory requirements, job placement (such as organizing travel, achieving job-related benefits), and tracking and developing employees, we collect basic employee personal information.
- External associates
Based on a legitimate interest, we collect and process personal data of our external associates (work through student services, student practices, contractual external associates) for the purpose of contract execution.
- Visitors to our websites
To improve user experience while visiting our site, we collect personal information in the form of “cookies”. We use this information to manage our web pages and our technical solutions, understand how visitors move through our website and view our services and improve our user experience on our sites and services.
For all the data we collect, have access to and process, we deal with confidentiality of the highest security standards. We do not collect or process so-called “sensitive data” such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or membership in a union, genetic data, data relating to health or sex life or sexual orientation of an individual.
All data is deleted after the end of the purpose for which it was collected or in the event of termination of the contractual relationship, and no later than the expiration of any statutory obligations related to the storage of personal data.
|DOCUMENT||CONTENTS OF THE DOCUMENT||RETENTION PERIOD|
|CV||Name, Surname, Email Address, Phone Number, Work Experience Data, Skills and Knowledge||Until the completion of the hiring process; except in the case of obtaining the consent of the respondents within 48 months if the respondent does not withdraw the consent earlier|
|Electronic Record of Labor Status / Certificate of the Highest Graduate Diploma||Name, Surname, Birth Date, OIB, Professional Qualification||11 years after the termination of the employment contract or until the retirement of the employee (due to the fact that the documentation required for the calculation of the pension is required)|
|Tax card||Name, surname, OIB, address, name and surname of dependent members, OIB of dependent members||For the duration of employment|
|Labor contract / Annex of labor contract / Contract termination||Name, surname, address, OIB, salary data, IBAN||11 years after the termination of the employment contract or until the retirement of the worker (due to the processing of the documentation necessary for the calculation of the pension)|
|Report on temporary incapacity for work||Name, surname, OIB, MBO, date of birth, sex, encrypted disease code, address, name and surname of the dependent member, date of birth of the dependent member, encrypted disease mark of the dependent member||11 years after the termination of the employment contract or until the retirement of the workers (due to the processing of the documentation necessary for the calculation of the pension)|
|Application to the Croatian Institute for Pension and Health Insurance||Name, surname, OIB, date of birth, sex, personal number of insured persons||For the duration of employment|
|Invoices from private persons||Name, surname, address, IBAN, OIB||11 years from the end of the business year to which it relates|
|Invoices to private persons||Name, surname, address, IBAN, OIB||11 years from the end of the business year to which it relates|
|Payroll lists and payroll receipts lists||Data on salary, first and last name, address, IBAN, OIB||Permanently|
|Payroll Receipts||Name and surname||Permanently|
|Record hours||Name and surname||6 years after the termination of employment|
|Records of employees||According to the Rules on Content and Keeping Records of Workers (nn 73/2017)|
Name and surname, OIB, gender, day, month and year of birth, place of residence / place of residence
|6 years after the termination of employment|
|Account for Email Address and Slack||Name and surname, official e-mail address + data according to the consent of the respondents||For the duration of employment|
|Employees files||Personnel files of employees with attachments and data (status, qualifications, work contract, residence, etc.)||Permanently|
|Contracts of work with private persons||Name, surname, address, OIB, fee information, IBAN||2 years from the termination of the contract (deadline or service execution)|
|Travel orders (together with decisions on the payment of daily allowance)||Name, surname, car registration mark||11 years from the end of the business year to which it relates|
|Passenger data record||Name, surname, date of birth, passport number, passport expiration date, visa details and expiration dates||For the duration of employment|
|Travel health insurance||Name, surname, OIB, date of birth, address||For the duration of the insurance policy|
|The consent of the employee||Name, Surname||For the duration of employment|
|The consent of external associates||Name, Surname||For the duration of employment|
|Business Cooperation Agreements||Name and surname of the legal entity’s representative||For the duration of the contract|
|Confidentiality agreements||Name, Surname||24 months after the termination of the contract|
|Certificate of having passed the Occupational Safety securely/ for initial fire extinguishing / worker health||Name and surname, OIB, date of birth, education, citizenship||After the expiration of the deadline for validity, (certificates of health workers’ ability – permanent)|
|Contract with personal data processors||Name and surname of the legal entity’s representative||For the duration of the contract|
Upon expiration of retention deadlines, we remove personal information from the system and archives or convert them to anonymous data so that we can no longer identify you.
With whom we share your data?
Based on a legitimate interest, if there is a legal obligation or explicit authorization under the law or in accordance with your given consent, in the following cases, we may pass on your personal information to third parties:
- For the purpose of fulfilling legal obligations or preventing misuse, personal data may be forwarded to the legislative, supervisory and regulatory bodies within and outside the territory of the Republic of Croatia
- In order to fulfill contractual obligations towards employees and external associates – personal data can be forwarded to external associates with whom “Pet minuta doo” has a contract on business cooperation with – Astra business engineering, Petrovaradinska 1a, 10000 Zagreb, OIB: 14077042128 with which we have a contract on business cooperation for conducting bookkeeping activities and Ulix doo Miramarska cesta 26, 10000 Zagreb, OIB: 26561427801 with which we have a contract for processing personal data, where all personal data protection measures
- Financial institutions (eg Fina, etc.)
When transferring data, we take care that all protection measures are assured, that the minimum amount of data that is required in order to realize the requested service is transmitted, and that the processing limitation principle is respected.
Collected personal data in processed in the Republic of Croatia. In exceptional cases it is processed in other countries (with the application of appropriate personal data protection measures, in ways prescribed by the rules for processing within the EU).
Your rights and how to use them
Each respondent whose personal information is collected and processed has the following rights:
- The right to access data
The respondent has the right to obtain a certificate of processing when his or her personal data is processed, the purpose of the processing, the categories of personal data processed, the recipients to whom the personal data has been disclosed etc., in addition to be informed about the collection and further processing of any other personal data.
- The right to correct or supplement personal information
If you believe that your personal information is inaccurate or incomplete, you may contact us at any time and request a correction of your personal information or submit a supplemental correction to complete your personal information. It is your obligation to notify us of changes regarding your personal information so that we can update it.
- The right to delete personal data (“Right to oblivion”)
- The right to limit the processing of personal data
As an interviewee, you have the right to terminate the processing of your personal information if one of the following conditions is met: (i) the respondent disputes the accuracy of personal information for the period during which the processing leader can verify the accuracy of personal data; (ii) processing is illegal and the respondent opposes the deletion of personal data and instead requests the restriction of its use; (iii) the processing manager no longer needs personal data for processing purposes, but is asked by the respondent to set up, exercise or defend legal claims; (iv) the respondent filed an objection to the processing, expecting that the certificate exceeds the legitimate reasons of the treatment manager’s reasons.
- The right to data transfer
The respondent has the right to receive personal data relating to him, which he or she has given to the processing leader in a structured, commonly used and machine-readable format, and has the right to transfer that data to another processing leader without interference by the processing leader to whom personal information is provided, that if: (i) processing is based on consent or in accordance with the contract; (ii) processing is an automated process; (iii) on the basis of a legal obligation.
- The right to withdraw consent
You may withdraw consent for any purpose of processing at any time; In that case, we will no longer use your personal information collected on the basis of consent for the stated purposes.
- The right to object
If you want to exercise one of these rights, you may contact us at the section below. If you feel that your right guaranteed by the General Data Protection Regulation has been violated, you can report a violation of the rights to the “Personal Data Protection Agency”, Zagreb, Martićeva 14, and on May 25th, 2018, and to the EU supervisory authority.
In accordance with the regulations governing the protection of personal data, we are obliged to protect personal data and to take appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful treatment of it and its accidental loss, destruction or damage. We have contractually committed third parties with whom we have a business relationship, who process personal data based on this business relationship, to act in accordance with the regulations in question.
Access to your personal information is limited to those employees who need this information. We continuously educate our employees on the importance of data confidentiality, privacy protection and the protection of your data.
If you have questions or concerns about how we treat your personal information and how we use it or would like to exercise your rights, you may contact us here:
- By e-mail: firstname.lastname@example.org
- At the address: Heinzelova 33, Zagreb
In accordance with applicable legal regulations governing the protection of personal data, each request/query will be resolved as soon as possible, or at the latest within 30 days of receipt.
When contacting and setting up these requests, we will make reasonable efforts to verify your identity and prevent unauthorized processing of your personal information.