General information

At “Pet minuta d.o.o.”, we consider the protection of personal data of our employees, users, business partners or other persons with whom we are cooperating paramount and it is an integral part of our business processes. This document describes what personal information we collect, the ways we collect it, on what grounds, for what purposes we use it, how long we keep it, with whom we share it, the steps we take to protect personal data, and the rights and choices you have in relation to the collection and use of your data.

Our “Privacy Policy” was adopted as one of the measures to comply with the requirements of Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data, and applies from May 25, 2018.

Basic principles of data processing

In processing the personal data of our employees, clients, suppliers, subcontractors, business partners and others we adhere to the following principles:

  • Legality, fairness and transparency of processing
    We process data in accordance with legal practices, and the respondents are informed about the processing and purpose of the processes and are familiar with the risks, rules, safeguards and rights regarding the processing of personal data
  • The scale and purpose of collected data
    Only data requisite for specific, explicit and legal purposes is collected and processed only in a manner in accordance for said purpose.
  • Accuracy
    Pet minuta d.o.o. ensures all measures are taken to maintain up-to-date data is accurate. In the event personal data is not accurate, it is corrected or delete as soon as possible.
  • Storage limit
    The data is stored in a form that allows the identification of the respondents for as long as is necessary for the purposes for which the personal data is processed.
  • Integrity and confidentiality
    Data shall be processed in such a way as to ensure adequate levels of security: including the protection against unauthorized or illegal processing, accidental loss, and destruction or damage

What data are we collecting, for what purpose, and how long do we keep your data?

As part of our business, we collect and process the following categories of personal
data by the following categories:

  1. Candidates for Employment (Selection Process)
    If you submit your application for work to Five, we will collect and process your personal information based on your legitimate interest and with your consent (when submitting your application). We collect the minimal data so that we can make a selection for the purpose of assessing potential candidates for a particular job.
  1. Employees
    Based on a legitimate interest in obtaining employment rights, compliance with statutory requirements, job placement (such as organizing travel, achieving job-related benefits), and tracking and developing employees, we collect basic employee personal information.
  1. External associates
    Based on a legitimate interest, we collect and process personal data of our external associates (work through student services, student practices, contractual external associates) for the purpose of contract execution.
  1. Visitors to our websites
    To improve user experience while visiting our site, we collect personal information in the form of “cookies”. We use this information to manage our web pages and our technical solutions, understand how visitors move through our website and view our services and improve our user experience on our sites and services.

For all the data we collect, have access to and process, we deal with confidentiality of the highest security standards. We do not collect or process so-called “sensitive data” such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or membership in a union, genetic data, data relating to health or sex life or sexual orientation of an individual.

All data is deleted after the end of the purpose for which it was collected or in the event of termination of the contractual relationship, and no later than the expiration of any statutory obligations related to the storage of personal data.

DOCUMENTCONTENTS OF THE DOCUMENTRETENTION PERIOD
CVName, Surname, Email Address, Phone Number, Work Experience Data, Skills and KnowledgeUntil the completion of the hiring process; except in the case of obtaining the consent of the respondents within 48 months if the respondent does not withdraw the consent earlier
Electronic Record of Labor Status / Certificate of the Highest Graduate DiplomaName, Surname, Birth Date, OIB, Professional Qualification11 years after the termination of the employment contract or until the retirement of the employee (due to the fact that the documentation required for the calculation of the pension is required)
Tax cardName, surname, OIB, address, name and surname of dependent members, OIB of dependent membersFor the duration of employment
Labor contract / Annex of labor contract / Contract terminationName, surname, address, OIB, salary data, IBAN11 years after the termination of the employment contract or until the retirement of the worker (due to the processing of the documentation necessary for the calculation of the pension)
Report on temporary incapacity for workName, surname, OIB, MBO, date of birth, sex, encrypted disease code, address, name and surname of the dependent member, date of birth of the dependent member, encrypted disease mark of the dependent member11 years after the termination of the employment contract or until the retirement of the workers (due to the processing of the documentation necessary for the calculation of the pension)
Application to the Croatian Institute for Pension and Health InsuranceName, surname, OIB, date of birth, sex, personal number of insured personsFor the duration of employment
Invoices from private personsName, surname, address, IBAN, OIB11 years from the end of the business year to which it relates
Invoices to private personsName, surname, address, IBAN, OIB11 years from the end of the business year to which it relates
Payroll lists and payroll receipts listsData on salary, first and last name, address, IBAN, OIBPermanently
Payroll ReceiptsName and surnamePermanently
Record hoursName and surname6 years after the termination of employment
Records of employeesAccording to the Rules on Content and Keeping Records of Workers (nn 73/2017)
Name and surname, OIB, gender, day, month and year of birth, place of residence / place of residence
6 years after the termination of employment
Account for Email Address and SlackName and surname, official e-mail address + data according to the consent of the respondentsFor the duration of employment
Employees filesPersonnel files of employees with attachments and data (status, qualifications, work contract, residence, etc.)Permanently
Contracts of work with private personsName, surname, address, OIB, fee information, IBAN2 years from the termination of the contract (deadline or service execution)
Travel orders (together with decisions on the payment of daily allowance)Name, surname, car registration mark11 years from the end of the business year to which it relates
Passenger data recordName, surname, date of birth, passport number, passport expiration date, visa details and expiration datesFor the duration of employment
Travel health insuranceName, surname, OIB, date of birth, addressFor the duration of the insurance policy
The consent of the employeeName, SurnameFor the duration of employment
The consent of external associatesName, SurnameFor the duration of employment
Business Cooperation AgreementsName and surname of the legal entity’s representativeFor the duration of the contract
Confidentiality agreementsName, Surname24 months after the termination of the contract
Certificate of having passed the Occupational Safety securely/ for initial fire extinguishing / worker healthName and surname, OIB, date of birth, education, citizenshipAfter the expiration of the deadline for validity, (certificates of health workers’ ability – permanent)
Contract with personal data processorsName and surname of the legal entity’s representativeFor the duration of the contract

Upon expiration of retention deadlines, we remove personal information from the system and archives or convert them to anonymous data so that we can no longer identify you.

With whom we share your data?

Based on a legitimate interest, if there is a legal obligation or explicit authorization under the law or in accordance with your given consent, in the following cases, we may pass on your personal information to third parties:

  • For the purpose of fulfilling legal obligations or preventing misuse, personal data may be forwarded to the legislative, supervisory and regulatory bodies within and outside the territory of the Republic of Croatia
  • In order to fulfill contractual obligations towards employees and external associates – personal data can be forwarded to external associates with whom “Pet minuta doo” has a contract on business cooperation with – Astra business engineering, Petrovaradinska 1a, 10000 Zagreb, OIB: 14077042128 with which we have a contract on business cooperation for conducting bookkeeping activities and Ulix doo Miramarska cesta 26, 10000 Zagreb, OIB: 26561427801 with which we have a contract for processing personal data, where all personal data protection measures
  • Financial institutions (eg Fina, etc.)

When transferring data, we take care that all protection measures are assured, that the minimum amount of data that is required in order to realize the requested service is transmitted, and that the processing limitation principle is respected.

Collected personal data in processed in the Republic of Croatia. In exceptional cases it is processed in other countries (with the application of appropriate personal data protection measures, in ways prescribed by the rules for processing within the EU).

Your rights and how to use them

Each respondent whose personal information is collected and processed has the following rights:

  • The right to access data
    The respondent has the right to obtain a certificate of processing when his or her personal data is processed, the purpose of the processing, the categories of personal data processed, the recipients to whom the personal data has been disclosed etc., in addition to be informed about the collection and further processing of any other personal data.
  • The right to correct or supplement personal information
    If you believe that your personal information is inaccurate or incomplete, you may contact us at any time and request a correction of your personal information or submit a supplemental correction to complete your personal information. It is your obligation to notify us of changes regarding your personal information so that we can update it.
  • The right to delete personal data (“Right to oblivion”)
    The respondent has the right to request the deletion of his information in one of the following cases (i) that your personal information is no longer necessary in relation to the purpose for which it was collected; (ii) withdrawal your consent FIVE Privacy Policy 9 regarding processing, if there is no other legal basis for processing your data; (iii) if you object to the processing or there are no more legitimate reasons for processing; (iv) if personal data is proven to be unlawfully processed.
  • The right to limit the processing of personal data
    As an interviewee, you have the right to terminate the processing of your personal information if one of the following conditions is met: (i) the respondent disputes the accuracy of personal information for the period during which the processing leader can verify the accuracy of personal data; (ii) processing is illegal and the respondent opposes the deletion of personal data and instead requests the restriction of its use; (iii) the processing manager no longer needs personal data for processing purposes, but is asked by the respondent to set up, exercise or defend legal claims; (iv) the respondent filed an objection to the processing, expecting that the certificate exceeds the legitimate reasons of the treatment manager’s reasons.
  • The right to data transfer
    The respondent has the right to receive personal data relating to him, which he or she has given to the processing leader in a structured, commonly used and machine-readable format, and has the right to transfer that data to another processing leader without interference by the processing leader to whom personal information is provided, that if: (i) processing is based on consent or in accordance with the contract; (ii) processing is an automated process; (iii) on the basis of a legal obligation.
  • The right to withdraw consent
    You may withdraw consent for any purpose of processing at any time; In that case, we will no longer use your personal information collected on the basis of consent for the stated purposes.
  • The right to object
    As an interviewer, you can at any time make an objection to processing personal information relating to you. From the moment we receive your complaint, we will no longer process your personal information unless we prove that there are compelling legitimate reasons for said processing that exceed the interests, FIVE Privacy Policy 10 rights and freedoms of the respondent, or to set, exercise, or defend legal claims.

If you want to exercise one of these rights, you may contact us at the section below. If you feel that your right guaranteed by the General Data Protection Regulation has been violated, you can report a violation of the rights to the “Personal Data Protection Agency”, Zagreb, Martićeva 14, and on May 25th, 2018, and to the EU supervisory authority.

Security

In accordance with the regulations governing the protection of personal data, we are obliged to protect personal data and to take appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful treatment of it and its accidental loss, destruction or damage. We have contractually committed third parties with whom we have a business relationship, who process personal data based on this business relationship, to act in accordance with the regulations in question.

Access to your personal information is limited to those employees who need this information. We continuously educate our employees on the importance of data confidentiality, privacy protection and the protection of your data.

Contact

If you have questions or concerns about how we treat your personal information and how we use it or would like to exercise your rights, you may contact us here:

  • By e-mail: dpo@five.agency
  • By phone: +385 1 5535 036 FIVE Privacy Policy 11
  • At the address: Heinzelova 33, Zagreb

In accordance with applicable legal regulations governing the protection of personal data, each request/query will be resolved as soon as possible, or at the latest within 30 days of receipt.
When contacting and setting up these requests, we will make reasonable efforts to verify your identity and prevent unauthorized processing of your personal information.