1. Data controller
The controller of personal data is:
IM-RIČ d.o.o.
M. Matošeca 1, 10000 Zagreb
E-mail: im-ric@zg.t-com.hr
2. Legal basis for processing
Personal data is processed in accordance with:
- Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR),
- Act on the Implementation of the General Data Protection Regulation,
- Anti-Money Laundering and Terrorist Financing Act,
- other applicable regulations of the Republic of Croatia.
Processing is based on:
- legal obligation,
- performance of a contract,
- legitimate interest,
- consent of the data subject (where applicable).
3. Types of data
The Company may process:
- identification data (name and surname, identification document number – where applicable),
- contact data (e-mail, phone),
- transaction data,
- IP address and technical data when using the website.
4. Purpose of processing
- provision of exchange services,
- fulfilment of legal obligations,
- communication with users,
- business security,
- record keeping in accordance with the law.
5. Data retention period
Data is retained within periods prescribed by applicable legislation, particularly financial and tax regulations and anti-money laundering regulations.
6. Rights of the data subject
The data subject has the right to:
- access personal data,
- rectification of inaccurate data,
- erasure of data (if legal conditions are met),
- restriction of processing,
- objection to processing,
- lodging a complaint with the supervisory authority.
Supervisory authority in the Republic of Croatia:
Personal Data Protection Agency (AZOP)