Hondl, Konić, Šimunović i Batur

Email

info@hondl.hr

Phone

+385 1 4554 487+385 1 4614 205

Opening hours

Monday–Friday: 08:00–16:00
Closed on weekends.

Address

Zvonarnička ulica 3, 10000 Zagreb
/Areas of Law/Our Lawyers/About us/Career/Contact
Terms of UseCookie PolicyPrivacy PolicyLegal NoticeImpressum|© 2026 ODVJETNIČKO DRUŠTVO HONDL, KONIĆ, ŠIMUNOVIĆ I BATUR j.t.d.|SUTRA.HR · web design & development

Privacy Policy

NOTICE ON THE PROCESSING OF PERSONAL DATA

Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “General Regulation“), as well as the Act on the Implementation of the General Data Protection Regulation (Official Gazette 42/18), and in accordance with the entire legal framework for the protection of personal data in the Republic of Croatia and the European Union and best European practice,

Hondl, Konić, Šimunović and Batur Law Firm Ltd., Zvonarnička 3, Zagreb (the “Law Firm“), as the controller of processing pursuant to Articles 13 and 14 of the General Regulation, informs you of the manner of processing of your personal data (the “Notice“).

Your privacy and the security of your personal data are very important to us. The Law Firm takes the protection of your personal data seriously and implements all necessary technical and security measures in accordance with best practice and the obligations prescribed by the General Regulation and other applicable legislation. This Notice explains the types of personal data we collect and process in relation to certain categories of data subjects listed below.

We therefore ask you to read this Notice carefully and, if you have any questions, feel free to contact us at info@hondl.hr, tel: 01/4554 487.

This Notice is also published on our website and is available at our registered office. We can provide you with the Notice upon your request.

We also emphasise that, in accordance with Article 13 of the Attorneys Act, as attorneys we are obliged to keep as attorney-client privilege everything entrusted to us by a client or that we learn in another way while representing a client. Our employees have the same obligation.

What data we collect and what is the purpose and legal basis of processing

CLIENTS, ATTORNEY SERVICES

For the purpose of performing attorney services and exercising attorney rights and duties (representation, drafting of documents, powers of attorney, conclusion of contracts, preparation of legal opinions), we collect and process personal data of clients, opposing parties, their representatives, witnesses, experts, employees of courts and other state bodies, and personal data of other persons who in any way participate in court and other proceedings in which the Law Firm exercises its attorney rights and obligations, i.e. provides legal assistance:

  1. Identification data (natural persons): first and last name, personal identification number (OIB), address, identity card number, access to photograph,
  2. Identification data of representatives (responsible persons or contact persons) of legal entities: first and last name, OIB, address, identity card number, access to photograph,
  3. Contact data: e-mail address, telephone number, address,
  4. bank account data: IBAN bank
  5. data on other persons as stated above that are necessary for initiating and conducting proceedings, i.e. generally for the provision of attorney services, and which we obtain in another way during representation or provision of legal assistance,
  6. other data you provide to us that are necessary for the provision of legal assistance.

With regard to the legal bases for processing personal data, we process personal data under a), b), c), d) and f) within the meaning of Article 6(1)(b) of the General Regulation – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

We also process personal data under a) and b) in order to comply with legal obligations of the controller (attorney regulations), and pursuant to the Accounting Act and the Act on the Prevention of Money Laundering and Terrorist Financing (Article 6(1)(c) of the General Regulation).

With regard to personal data under e), we also process them on the basis of our legitimate interest (performance of obligations under the Attorneys Act/provision of legal assistance) in order to best defend the interests of the client, and in order to protect the vital interests of the data subject or a third person (Article 6(1)(e) and (f)).

In other cases, the data subject has given consent for the processing of their personal data for one or more specific purposes.

In the case of sending an offer for legal services or an opinion, based on an inquiry or existing business cooperation, consent is not required; this is considered our legitimate interest pursuant to point 47 of the preamble to the General Regulation.

What personal data we do not process and processing we do not carry out

As a rule, we do not collect and do not process special categories of personal data relating to your racial or ethical origin, political opinions, religious or philosophical beliefs, trade union membership, biometric data, data relating to your health, sex life or sexual orientation.

Exceptionally, we will process such data if this is necessary for the establishment, exercise or defence of your legal claims.

We do not process your personal data for the purpose of profiling, nor for automated decision-making that would produce legal effects concerning you or similarly significantly affect you.

BUSINESS PARTNERS

We process personal data of our business partners – natural persons or sole traders, namely: first and last name, OIB, residential (registered office) address, contact e-mail and telephone numbers, official bank account data.

With regard to the legal basis for processing personal data, we will process your personal data within the meaning of Article 6(1)(b) of the General Regulation (processing is necessary for the performance of a contract to which you are party), for the purpose of performing or fulfilling the contract itself.

If the business partner is a legal entity, we process personal data of persons we contact, namely: first and last name, position in the legal entity and contact data (telephone and e-mail address). We process these within the meaning of Article 6(1)(f) on the basis of our legitimate interest for the purpose of establishing and maintaining business contacts and fulfilling the contract.

On the basis of legitimate interest, we may also process personal data of employees of a business partner – sole trader if they are our contact points in a specific business relationship, for the purpose of maintaining the business relationship, namely: first and last name, position and contact data (telephone and e-mail address).

Data subjects have the right to object to the processing of personal data on the basis of the legitimate interests of the controller, and may send their objection to the e-mail address info@hondl.hr.

What personal data we do not process and processing we do not carry out

We do not collect and do not process special categories of personal data relating to your racial or ethical origin, political opinions, religious or philosophical beliefs, trade union membership, biometric data, data relating to your health, sex life or sexual orientation.

We do not process your personal data for the purpose of profiling, nor for automated decision-making that would produce legal effects concerning you or similarly significantly affect you.

JOB CANDIDATES

We process personal data of persons participating in a competition or other procedure (open applications) in connection with establishing an employment relationship with the Law Firm, namely: first and last name, contacts, address, OIB, date of birth, education/qualification and other data you provide to us in connection with the competition procedure or in an open application.

With regard to the legal basis for processing, we will process your personal data within the meaning of Article 6(1)(b) of the General Data Protection Regulation (processing is necessary in order to take steps at the request of the data subject prior to entering into an employment contract), i.e. for the purpose of processing data for the assessment and selection of potential candidates for employment. If you submit open job applications independently of a competition, and we currently do not need employees, we will be able to store your personal data only if you give explicit consent (Article 6(1)(a) of the General Data Protection Regulation).

What if you decide not to provide personal data

In none of the above cases is there a legal obligation to provide personal data, and provision of the same is exclusively on a voluntary basis prior to or when establishing a contractual relationship. However, refusal may result in the controller being unable to process the candidate’s personal data for the purpose of selection for a job position, while for clients and business partners it would mean the inability to establish and maintain a contractual relationship, i.e. to provide legal assistance and attorney services.

How we collect personal data

We collect personal data of clients for the purpose of representation by requesting them from the data subjects themselves or they are contained in documents and other materials we receive from clients, other participants in proceedings before a court or other competent body, from courts and other competent bodies and from third parties.

We collect personal data for the purpose of providing another form of legal assistance from data subjects or other persons who in any other way are connected with the subject matter of the provision of legal assistance.

We collect some personal data from public sources, and it is possible that we receive your personal data in business communication with third parties.

With regard to business partners, we collect data directly from business partners – natural persons, i.e. responsible and contact persons of business partners, or indirectly if the same have been forwarded by another person in the business partner – legal entity.

With regard to candidates, we collect data directly from the candidate or via the Croatian Bar Association in relation to attorney trainees.

Who may receive your personal data, transfer of data to third countries

Attorneys, attorney trainees and our other employees who are authorised to carry out certain processing operations in the performance of their work tasks may have access to personal data (for example employees responsible for mail dispatch, accounting, administration).

For the purpose of performing the above-mentioned purposes of processing personal data, recipients of personal data may be competent state bodies (such as the Croatian Pension Insurance Institute and the Croatian Health Insurance Fund, Tax Administration, courts, FINA, Ministry of the Interior, etc.), attorneys and attorney trainees who provide substitution services to us in accordance with the Attorneys Act, our providers of accounting and similar services, our IT support service providers, credit institutions and the like, notaries public, opposing parties, representatives of opposing parties and employers of opposing parties, experts, court interpreters and translators, third parties in relation to whom there is a legal obligation to disclose your personal data, other third parties for the purpose of pursuing interests related to the purpose of providing legal assistance or achieving our legitimate interest.

With regard to candidates, persons responsible for employment decisions in the Law Firm may have access to data, processors – accounting services for calculation of remuneration, and possibly the Croatian Employment Service (HZZ) for obtaining employment incentives.

If required by the purpose of processing personal data or a legal obligation, the Law Firm may transfer personal data to a third country only in accordance with the General Regulation, whereby it will always inform the data subject of the intention of such transfer. Personal data may be exported from the EU area only if this is in accordance with applicable data protection regulations and if an appropriate level of data security is ensured by means of transfer: (i) by transferring data to a third country on the basis of a European Commission adequacy decision establishing that the legislation of that country ensures an adequate level of data protection, or (ii) by a data transfer agreement concluded with a third party containing standard contractual clauses adopted by the European Commission for cases of transfer of data to controllers and processors in legal systems without an adequate level of data protection.

Security of storage

We collect your personal data in a manner that ensures appropriate security and confidentiality in their processing and enables effective application of the principles of personal data protection, reduction of the amount of personal data, scope of their processing, storage period and availability. We take all technical and organisational measures to adequately protect your personal data from unauthorised disclosure and to ensure their durability, completeness, integrity and confidentiality. All our employees have undertaken to keep personal data confidential by signing a confidentiality statement.

We will respond to all inquiries about security and technical measures as soon as possible, and you may submit them to us via the e-mail address info@hondl.hr .

Retention period

CLIENTS, ATTORNEY SERVICES

We retain your personal data:

  • for at least 10 years after final conclusion of the proceedings in which we represented you;
  • in the case of final conclusion of proceedings, we retain your data until you collect the file from us;
  • in the case of enforcement proceedings following a final and enforceable judgment or decision, in the case of proceedings on extraordinary legal remedies before the Constitutional Court of the Republic of Croatia and/or the European Court of Human Rights and other relevant institutions, your data are retained longer until all legal remedies are exhausted for the purpose of protecting your rights and interests;
  • wills, contracts and other documentation entrusted to us for safekeeping will be kept until the conditions for cessation of safekeeping of entrusted documentation (will) are met or until you collect them from us;
  • in the case of other mandatory legislation, data are retained in accordance with the deadlines under those mandatory regulations;
  • as the controller, we may in each individual case, depending on the special circumstances of the case, determine a longer retention period for personal data if processing of personal data is necessary for the protection of legal or legitimate interests.

If your data form part of accounting records (such as customer lists, invoices, debts), we are obliged to retain them for at least 11 years from the end of the fiscal year.

Furthermore, documentation collected for the purpose of preventing money laundering and terrorist financing (Act on the Prevention of Money Laundering and Terrorist Financing) must be retained for 10 years from the end of the business relationship or performance of the transaction, or within other deadlines prescribed by the said Act.

BUSINESS PARTNERS

We will retain your personal data for five years from fulfilment of rights and obligations under the contractual relationship, but in the case of issuing/receiving an invoice, we will retain data during the mandatory retention period for accounting documents prescribed by applicable regulations (11 years). In the case of business communication, we will retain personal data for five years after cessation of business communication, and in the case of asserting, exercising or defending legal claims or interests, we will retain data depending on the circumstances of each individual case in accordance with deadlines under special regulations.

Contracts with business partners after termination of the contractual relationship are stored if so required by legislation, but their processing is limited so that they cannot be used or processed in any way; they are kept only for archiving purposes.

JOB CANDIDATES

A candidate’s personal data will be retained for the duration of the competition and will be deleted after completion of the competition unless, together with the application, you sign consent allowing us to retain your personal data or CV for a further 24 months for the purpose of potential future employment with the controller.

If you sent a CV and job application independently of a competition, we will store and retain them for a further 24 months if your consent for such storage arrived together with your application, which does not diminish your ability to request erasure earlier, before expiry of the deadline.

Exercising your rights in relation to data processing

As a data subject, you have the right to contact us with a request to exercise any of the rights to which you are entitled:

  • Right of access to data

The data subject has the right to obtain from the controller confirmation as to whether personal data concerning them are being processed and, where that is the case, access to the personal data and the right to obtain the following information:

  • the purposes of processing their personal data,
  • the categories of personal data being processed,
  • recipients or categories of recipients to whom personal data have been or will be disclosed, safeguards where data are transferred to a third country or international organisation,
  • the envisaged period for which personal data will be stored, or the criteria for storage of personal data,
  • the right to lodge a complaint with a supervisory authority,
  • whether automated decision-making exists and, where personal data are not collected from the data subject, their source;
  • to provide the data subject with a printout or copy of personal data contained in the storage system relating to them
  • information on a personal data breach,
  • the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or the right to object to such processing.
  • Right to rectification

Data subjects may request rectification and, without undue delay, obtain rectification of inaccurate personal data concerning them, and obtain supplementation of their personal data, among other things by providing an additional statement.

  • Right to erasure (right to be forgotten)

Data subjects have the right to request and, without undue delay, obtain erasure of their personal data, among other things:

  • if personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
  • if the data subject withdraws consent and there is no other legal basis for processing,
  • the data subject lodges an objection to processing pursuant to Article 21 of the General Data Protection Regulation and there are no overriding legitimate grounds for processing,
  • personal data have been unlawfully processed,
  • personal data must be erased for compliance with a legal obligation to which the controller is subject.

The above does not apply to the extent that processing is necessary:

  • for exercising the right of freedom of expression and information,
  • for compliance with a legal obligation requiring processing under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest,
  • for the establishment, exercise or defence of legal claims, and

in other cases provided for in Article 17 of the General Data Protection Regulation.

  • Right to restriction of processing,

Data subjects have the right to obtain restriction of processing if:

  • they contest the accuracy of the data,
  • if processing is unlawful and you object to their erasure,
  • if the controller no longer needs the personal data but they have requested them for the establishment, exercise or defence of legal claims,
  • if they have lodged an objection to the processing of personal data,

all in accordance with Articles 18 and 19 of the General Data Protection Regulation

  • Right to data portability

Data subjects have the right to request transfer of their personal data to another controller, in accordance with the provisions of Article 20 of the General Data Protection Regulation.

  • To withdraw consent for processing of your personal data, where applicable,

If processing is based on consent, you have the right at any time to voluntarily and free of charge withdraw your consent, but this will not affect the lawfulness of processing based on consent before it was withdrawn.

  • for cessation of processing of your personal data for the above purposes (objection).

If the controller bases the lawfulness of processing of the data subject’s personal data on its legitimate interest or if processing is necessary for the performance of a task carried out in the public interest, the data subject has the right to object. The controller will no longer process the data subject’s personal data unless the controller demonstrates compelling legitimate grounds for processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. For the avoidance of doubt, the controller does not apply automated individual decision-making.

For orderly and documented conduct of the procedure, we require that requests for exercising rights be submitted in written form. The request is submitted directly at our registered office or by post. The request may also be delivered by e-mail to info@hondl.hr. A request is considered regular if submitted from the address of the applicant. The person submitting the request must identify themselves. If the request is anonymous and we cannot easily and accessibly establish identity, the request will not be acted upon. Within one month of receipt of your request, we will inform you of our decision and actions taken.

If fulfilment of your request would for the Law Firm mean breach of obligations prescribed by laws, other regulations or rules of conduct, the Law Firm may not be able to comply with your request, but you will still be able to request prohibition of further processing of your personal data.

Right to lodge a complaint with a supervisory authority

In relation to the processing of your personal data, you have the right to lodge a complaint with a supervisory authority (in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, in Croatia: Croatian Personal Data Protection Agency, Zagreb, Ulica Metela Ožegovića 16, www.azop.hr (address and other data on the official website of the Croatian Personal Data Protection Agency).

Changes to the Notice

Depending on needs, we may change this Notice in order to improve our conduct and achieve greater protection of your right to privacy or if required by changes in regulations. We will appropriately publish every amendment to this Notice. Please check from time to time whether we have changed this Notice.

Valid from: 25 May 2018.

Last updated: 19 May 2026.