• Legal Notice
  • General terms and conditions of user personal data protection

General terms and conditions of user personal data protection

1.    Object of the General Terms and Conditions of User Personal Data Protection

These General Terms and Conditions of User Personal Data Protection (“Terms and Conditions”) regulate relations between Poslovna inteligencija d.o.o. with registered seat in Zagreb, at Stubička 50b, PIN (OIB): 65570189449, (“Provider” or “Poslovna inteligencija”) as an IT services provider and the user who has requested provision of the IT services as the recipient of the services (“User” or “Recipient”) in relation to personal data processing during and in relation to provision of the service to the User.

For avoidance of doubt, these Terms and Conditions shall apply to business relationships between Poslovna inteligencija and the User only if the User places data subjects’ personal data at disposal of Poslovna inteligencija for the purpose of provision of the requested service where the User is the personal data controller and Poslovna inteligencija is personal data processor.

Mutual relations of Poslovna inteligencija and the User not specifically regulated by these Terms and Conditions shall be regulated appropriately by applicable regulations, especially personal data protection, civil obligations, and intellectual property regulations as well as other relevant regulations of the Republic of Croatia.

2.    Nature and purposes of the processing

Poslovna inteligencija will provide the User a service entailing development, installation, adjustment, implementation, and maintenance of and support for software or parts thereof as well as related IT services which may, as a prerequisite for performance, require processing of personal data processed by the User, for example personal data of User’s managers, employees, associates, clients, suppliers, and other individuals whose data are processed by the User for the purpose of its own business, (“User Personal Data”).

Poslovna inteligencija shall only process the User Personal Data for the purpose of performance of the contracted service as requested by the User and in the manner determined by the User. In absence of more precise User requests, Poslovna inteligencija shall have the right to process the User Personal Data in a manner required and/or justified for business purposes to achieve efficient and high-quality performance of the service in accordance with all personal data protection obligations imposed by applicable regulations, especially commitment to confidentiality and protection of integrity of the personal data in compliance with the General Data Protection Regulation.

3.    Types and categories of personal data

Types and categories of personal data processed by Poslovna inteligencija within the framework of the business relationship with the User shall depend on the type of IT service provided by Poslovna inteligencija and they shall be determined in a Contract concluded with the User or a Data Processing Agreement concluded with the User.

4.    Rights and obligations of the controller

Poslovna inteligencija and any person acting under guidance of Poslovna inteligencija or the User who has access to the personal data may only process those data in compliance with User’s requests.

By entering into the business relationship with Poslovna inteligencija, if it includes processing of the User Personal Data, the User gives an order to Poslovna inteligencija to process the personal data placed on its disposal on behalf of the User in such extent and manner as necessary and/or justified for performance of Poslovna inteligencija service for the User.

In relation to the User Personal Data made available to Poslovna inteligencija for the purpose of the processing, the User explicitly and irrevocably warrants to Poslovna inteligencija the following:

  1. that it has lawfully acquired all data in its possession and at its disposal for lawful purposes for which they were collected;
  2. that it is familiar, in detail, with the legal framework for personal data protection, especially the substance and the method of enjoyment of rights and compliance with obligations by the User as the personal data controller and/or processor, as well as rights of individuals enshrined in personal data protection regulations; and
  3. that it applies the General Data Protection Regulation (Regulation (EU) 2016/679) and other personal data protection regulations in its operation; and
  4. that it consents to processing of the personal data made available to Poslovna inteligencija when necessary; in the manner foreseen by these Terms and Conditions, by a contract concluded with Poslovna inteligencija, and by other personal data protection regulations; for the purposes of performance of the service by Poslovna inteligencija; and
  5. that it has processed the User Personal Data and made them available to Poslovna inteligencija in compliance with the applicable personal data protection legal framework, i.e., that it has fully aligned its operation with the personal data protection legal framework, and that it assumes full responsibility for the same towards Poslovna inteligencija, and especially that it has processed and made the relevant data available to Poslovna inteligencija in a lawful, fair, and transparent manner.

The User irrevocably undertakes to fully indemnify Poslovna inteligencija for any total direct and indirect damage Poslovna inteligencija incurs if the User places the personal data at its disposal unlawfully, and especially if the User collects and processes the personal data without any lawful reasons and then assigns them to Poslovna inteligencija for the purpose of performance of the service. The User is required to fully indemnify Poslovna inteligencija for the total damage within 30 days following receipt of a damage claim specifying the amount and circumstances of occurrence of the damage. The maximum damage compensation Poslovna inteligencija may claim from the User shall be EUR 50,000.

The User undertakes to provide any assistance and perform any action required for the purpose of assisting in performance of obligations Poslovna inteligencija has under the personal data protection regulations.

5.    Rights and obligations of the processor

In relation to the personal data made available by the User to Poslovna inteligencija, Poslovna inteligencija explicitly and irrevocably warrants to the User the following:

  1. that it is familiar, in detail, with the legal framework for personal data protection, especially with the substance and the method of enjoyment of rights and compliance with obligations by the User as the personal data controller, as well as rights of individuals enshrined in personal data protection regulations;
  2. that it applies the General Data Protection Regulation (Regulation (EU) 2016/679) and other personal data protection regulations in its operation;

Poslovna inteligencija undertakes to treat the User's Personal Data as confidential and implement for this purpose appropriate organisational and technical measures to prevent their misuse including committing its employees and other associates to protection of the User Personal Data in the course of provision of the service.

Poslovna inteligencija is entitled to request the User to perform any required action allowing or facilitating provision of the service by Poslovna inteligencija without processing or with minimal required processing of the User's Personal Data. Within the meaning of the provision above, Poslovna inteligencija shall, if technically possible and commercially justified, give preference to providing the service using data associated with non-existent persons (so called demo data); or providing the service without downloading the same data to IT infrastructure of Poslovna inteligencija, by accessing and processing the data exclusively on User’s infrastructure; or providing the service through the JIRA portal and similar IT solutions provided by Poslovna inteligencija allowing logging of data access and processing. Poslovna inteligencija shall provide timely a notice to the User about the appropriate service provision method.

If the User is unable to comply with a request made by Poslovna inteligencija and ensure an adequate level of protection for remote access (Virtual Private Network (VPN) or a similar secure communication channel), Poslovna inteligencija shall have the right to provide the service directly at the User’s site for an additional compensation for the service and the cost of arrival in accordance with the applicable Poslovna inteligencija price list.

Poslovna inteligencija shall return all User’s requests for provision of the service received by electronic mail as a non-secure communication channel, together with an appropriate notice and instruction on appropriate method of receiving User's requests; and immediately erase the received electronic message and any data enclosed thereto from its IT system.

For the purposes of provision of the service to the User, Poslovna inteligencija is entitled to engage another processor for performance of special processing activities with a prior notice to the User and a written consent received from the User. Poslovna inteligencija shall be required to conclude a contract with the other processor committing the latter to the same level of legal protection of the personal data as contemplated in the contract concluded by Poslovna inteligencija and the User; and to notify the User about conclusion of such contracts.

Poslovna inteligencija and the User undertake to each keep separate records of access by Poslovna inteligencija employees and other persons hired by Poslovna inteligencija to the User’s infrastructure to prevent or determine any breaches of personal data security and all responsible persons. In cases of disagreements of the access logs kept by Poslovna inteligencija and the User, the data recorded by Poslovna inteligencija shall be relevant for determination of relevant elements of the personal data processing.

Poslovna inteligencija shall place at User’s disposal all information needed to demonstrate compliance with the regulations and undertakes to provide any additional assistance and take any action necessary for the purpose of assisting in fulfilment of User’s obligations arising from the personal data protection regulations.

Poslovna inteligencija irrevocably undertakes to indemnify the User against indirect and direct damage incurred by the User due to judicial civil actions, claims, costs, damage, and losses caused by non-compliance of Poslovna inteligencija with requirements set out in these Terms and Conditions and in the Data Processing Agreement or non-compliance with legislation pertaining to data processing performed by Poslovna inteligencija. If a third party submits a damage compensation claim in such cases, Poslovna inteligencija is required to indemnify the User against total damage within 30 days following receipt of the damage compensation claim specifying the amount and circumstance of occurrence of the damage. The maximum damage compensation the User may claim from the Poslovna inteligencija shall be EUR 50,000.

6.    Technical and organisational measures

Poslovna inteligencija shall implement and perform adequate technical and organisational measures, as well as measures prescribed in an applicable DPA annex to ensure a corresponding level of security in relation to risks associated with its scope of responsibilities. Since the technical and organisational measures are subject to technical advances and further development, Poslovna inteligencija reserves the right to modify such measures provided that the modifications do not degrade functionality and security of the services to the User.

By defining the technical and organisational measures, the User shall confirm that those measures provide an appropriate level of protection of the User's Personal Data taking into consideration risks associated with processing of the User Personal Data.

7.    Data Subject rights and requests

To the extent permitted by law, Poslovna inteligencija shall notify the User about requests submitted by Data Subjects directly to Poslovna inteligencija in relation to the User Personal Data concerning enjoyment of Data Subject rights (e.g. rectification, erasure, and prevention of use of data). The User shall be responsible for replying to such requests submitted by Data Subjects. Poslovna inteligencija shall assist the User, in a reasonable extent, in responding to such requests submitted by a Data Subject.

If a Data Subject brings a civil action before a court or submits a claim directly against Poslovna inteligencija due to a breach of their Data Subject rights, the User shall indemnify Poslovna inteligencija for all costs, fees, damage, expenses, or losses arising from such a civil action or claim if Poslovna inteligencija notifies the User about the civil action and offers the User an opportunity to cooperate with Poslovna inteligencija in defence and settlement related to the civil action or claim. Under provisions of the Contract, the User may claim compensation from Poslovna inteligencija for amounts paid to Data Subjects because of breaches of Data Subject rights caused by failure of Poslovna inteligencija to perform its obligations arising from the General Data Protection Regulation.

8.    Third party requests and confidentiality

Poslovna inteligencija shall not disclose personal data about Data Subjects to third parties except on the basis of an authorisation received from the User or if that is prescribed by law. If a state body or a Supervisory Body requests access to personal data about Data Subjects, Poslovna inteligencija shall notify the User about it before disclosing the data unless that is prohibited by law.

Poslovna inteligencija demands its entire staff authorised to process the User Personal Data to commit to confidentiality and not to process User Personal Data for any other purpose except as ordered by the User or as demanded by applicable law.

9.    Auditing

Poslovna inteligencija shall allow and contribute to audits in order to determine compliance with and implementation of the technical and organisational measures designed to protect data being processed. The audits may be performed by the User, or another auditor authorised by the User in compliance with the following procedures:

  1. Upon a written request by the User, Poslovna inteligencija shall provide the User or the auditor authorised by the User the most recent certificates and/or one or more summary audit reports obtained by Poslovna inteligencija for regular testing, assessment, and evaluation of efficiency of the introduced technical and organisational measures.
  2. Poslovna inteligencija shall cooperate with the User, to a reasonable extent, and provide available additional information on the technical and organisational measures to assist the User comprehend them as much as possible.
  3. If the User needs additional information to perform its obligations or comply with obligations of other Controllers regarding the audit or a request submitted by a competent Supervisory Body, the User shall notify Poslovna inteligencija in writing to allow Poslovna inteligencija to provide the required information or provide the User access to the information.
  4. If it is impossible to otherwise comply with the audit obligation prescribed by the applicable law, only legally authorised entities (such as the state regulatory agency supervising operation of the User), the User, or its authorised auditor may visit premises used for provision of the Service in regular business hours, in a manner creating the least disruption to operation of Poslovna inteligencija, provided that the time of such a visit is agreed in compliance with all procedures set out in the DPA agreement in order to mitigate risks to other users of Poslovna inteligencija.

Each party shall cover its own expenses related to paragraphs a. and b. of this Article. Any additional assistance will be provided in accordance with the agreement on fees for provision of services concluded by the User and Poslovna inteligencija.

10.  Data breach

Poslovna inteligencija shall notify the User after it becomes aware, at the latest within 24 (twenty-four) hours after it became aware, of any Personal Data Breach affecting any personal data and submit required notifications on the same specifying:

  1. a description of the nature of the Personal Data, including to the extent possible, their category and approximate number of affected Data Subjects as well as the category and approximate number of affected Personal Data registers;
  2. a description of measures, proposed or taken, to remedy causes and, where possible, remedy harmful consequences of the Personal Data Breach;
  3. a description of probable consequences of the Personal Data Breach;
  4. name and contact information of a person employed by the Processor who may provide all required information related to the Personal Data Breach.

Poslovna inteligencija shall deliver notices of the personal data breach to the User using the User’s address specified in the Service Contract.

Upon a User’s request, Poslovna inteligencija shall provide, without delay, the User all reasonable help it needs to allow the User to report the relevant Personal Data Breach to competent bodies and/or affected Data Subjects if the User requests so in compliance with the Personal Data Protection Regulations.

Poslovna inteligencija undertakes not to issue statements, public announcements, or reports on the Personal Data Breach and not to notify the Data Subjects and/or competent bodies without a prior written approval by the User unless it is required to do so on the basis of the Personal Data Protection Regulations or other applicable regulations.

11.   Returning or erasing User Personal Data

Poslovna inteligencija undertakes to return or erase, whichever the User select, all User Personal Data after the service related to the processing is performed and to erase any existing copies unless there is a justified reason for storage of the above personal data.

Justified reasons for storage of the personal data after conclusion of provision of the service are:

  1. storage of evidence that the service has been performed (e.g. because of conduct of legal proceedings related to the service until expiry of the statutory limitation for claims against Poslovna inteligencija),
  2. keeping records of personal data processing activities,
  3. storage of evidence that the personal data processing was performed in compliance with a contract or a regulation, and
  4. other reasons for storage foreseen by regulations.

12.  Duration of the processing

Duration of the processing shall normally be defined by a master Contract or a framework Contract on provision of Poslovna inteligencija services to the User. In case of expiry of the term of such a Contract or upon termination of the Contract for any reason whatsoever, Poslovna inteligencija undertakes to return all data to the User or to permanently erase them in compliance with Article 10.

13.  Acceptance of the Terms and Conditions

By signing the contract on provision of Poslovna inteligencija services referring to these Terms and Conditions and/or, exceptionally, by establishing a business relationship between the User and Poslovna inteligencija on request of the User, even if no written agreement on provision of the service is concluded, the User confirms that it agrees to provisions of these Terms and Conditions and accepts them in full.

14.   Dispute resolution

Poslovna inteligencija and the User are in mutual agreement to attempt to amicably resolve any dispute arising from or in relation to their mutual business relationship and/or contract. If a dispute cannot be resolved as described above, the dispute shall be referred to a competent court in Zagreb.

15.  Final provisions

These Terms and Conditions shall take effect on the date of publication and apply to all users who have concluded contracts with Poslovna inteligencija after that date.

For users who have concluded contracts with Poslovna inteligencija by the date of publication of these Terms and Conditions, the same shall take effect and be applicable 30 days after the date of publication of these Terms and Conditions provided that the existing users do not exercise their right to terminate their contracts with Poslovna inteligencija as set out below.

Poslovna inteligencija shall publish and make available every applicable and consolidated text of amended Terms and Conditions at the official web site of Poslovna inteligencija, but it shall also inform users in writing (by electronic mail or registered mail) about proposed amendments to these Terms and Conditions and their right to terminate contracts.

Such users shall have the right to terminate their contracts with Poslovna inteligencija within 30 days following the date of publication of the amended Terms and Conditions in cases where the amendments to the general terms and conditions are less favourable to the User compared to the contracted Terms and Conditions. Amendments to the Terms and Conditions which only favour the users may be applied without any delay. In case of termination, such a user shall be required to settle Poslovna inteligencija the service contracted until the date of termination of the contract.

These Terms and Conditions shall apply to all services provided by Poslovna inteligencija at the moment when these Terms and Conditions took effect as well as all new Poslovna inteligencija services which shall be provided in the future.

Amendments to these Terms and Conditions as well as additional arrangements must be drawn up in writing to be valid. This also applies to reformulations of the text.

If one of provisions of these Terms and Conditions is null and void or becomes null and void, other provisions of these Terms and Conditions shall continue to apply.

These Terms and Conditions shall come into effect and apply from 01.01.2022. as their publication date.

Scroll to Top