en hr
intea logotip
Contact Us
Choose langauge

Privacy policy

Privacy policy

dot ilustration

Privacy policy

1.    General

INTEA d.d. (hereinafter referred to as the “Company” or the “Data Controller”) respects the privacy of its clients (hereinafter referred to as the “Data Subjects”) and is committed to protecting the personal data it collects and processes in the course of its business activities.

The security of the Data Subjects’ personal data is of great importance to the Company, and we undertake to act in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), which came into force on 25 May 2018 (hereinafter referred to as the “Regulation”). The main purpose of the General Regulation is to protect personal data, i.e., all information related to private individuals.

This Privacy Policy (hereinafter referred to as the “Policy”) contains key information about the processing and protection of personal data carried out by the Company in the course of its operations, particularly concerning:

  • the identity and contact details of the Data Controller
  • contact details of the Data Protection Officer
  • categories of individuals whose personal data the Company processes
  • categories of personal data processed by the Company
  • purposes and legal bases for the processing of personal data
  • recipients of personal data and data transfers
  • retention periods for personal data
  • rights of data subjects and how to exercise them
  • security of personal data storage
  • use of cookies
  • changes to the Policy

This Policy applies to the processing of personal data that we perform as part of our business operations, including the processing of personal data related to your use of our website www.intea.hr (hereinafter referred to as the “Website”).

  • Facebook (https://www.facebook.com/Intea)
  • LinkedIn (https://www.linkedin.com/company/intea/)
  • Instagram (https://www.instagram.com/intea)

2.     Data Controller

The Data controller responsible for the processing of personal data and for determining the purposes and means of personal data processing is:

INTEA d.d.
Av. V. Holjevca 27
HR-10020 Zagreb
Phone: +385 1 3436 200
E-mail: info@intea.hr

The data controller has appointed a Data Protection Officer, whom Data subjects may contact with any questions, remarks, complaints, requests, or other comments regarding the processing of personal data at the e-mail address: szop@intea.hr or at the following address:

INTEA d.d.
Attn: Data Protection Officer
Av. V. Holjevca 27
HR-10020 Zagreb

3.    Purpose and Legal Basis for Processing Personal Data

The Company protects the privacy of data subjects and processes only personal data that are necessary and have been obtained in the course of its business activities—whether the data were provided by the data subject, by third parties, or from publicly available sources—for the following purposes:

Fulfillment of contractual obligations – when processing is necessary for the execution of a contract or to take steps at the request of the data subject prior to entering into a contract

Legitimate interests – when necessary, personal data are processed to fulfill legitimate interests essential to the Company’s business. For example, such interests may include:

  • meeting data subjects' requests for the development, delivery, and improvement of products and services or for internal Company purposes, such as audits, data analysis, and market research to improve products and services and communicate with users
  • responding to inquiries and comments from data subjects
  • Processing for a specific purpose or multiple specific purposes described in the data subject’s consent, which is obtained prior to any such processing. Consent is in line with relevant provisions of the Regulation, is unconditional, and freely given. The data subject retains the right to withdraw their consent at any time.

If the Company intends to process personal data for purposes not described here or beyond the scope of the consent, it will inform the data subject about that new purpose and any other relevant processing details beforehand.

In the course of regular business, the Company collects and processes the personal data of the following categories of data subjects:

  • Job applicants
  • Business partners
  • Website visitors

3.1.    Job Applicants

In relation to the employment application process, the Company processes personal data such as:

  • full name, photograph (if provided with the CV), occupation, previous employment details and work experience, residential address, email address, phone number, and other data voluntarily included in the CV (e.g., education, qualifications, skills, and specific knowledge).

These personal data are processed under Article 6(b) of the GDPR (processing necessary to take steps at the request of the data subject prior to entering into an employment contract), with the aim of identifying, selecting, and hiring the most suitable candidate for an advertised position, maintaining a database of potential candidates for future job openings, and encouraging applications from qualified individuals.

If an open job application is submitted outside of a specific vacancy, personal data may only be processed based on the explicit consent of the data subject (Article 6(b) of the GDPR).

Providing personal data is voluntary. However, during the application process for an advertised position or during the candidate selection process, the data subject submits their personal data to the Company. Failure to provide such data results in inability to apply or participate in the selection process.

3.2.    Business Partners

The Company processes two main categories of business partners (customers, suppliers, and other associates):

  • Legal entities, primarily companies – in which case the personal data of individuals employed by those partners are processed
  • Natural persons, primarily sole proprietors or freelancers – in which case, in addition to data of any employed individuals, the Company processes the personal data of the business partners themselves

The Company primarily collects and processes personal data required by applicable legal regulations in commercial, accounting, and tax law, as well as per contracts concluded with business partners. These include:

  • Identification data (full name, business contact information such as email and phone numbers, OIB [Personal Identification Number], etc.)
  • Job-related data (job title, function, workplace, department, working hours, etc.)
  • Financial data (transaction data, bank details, and other data required by accounting and/or tax laws)

The specified personal data are processed in accordance with Article 6(b) of the General Data Protection Regulation (processing is necessary for the performance of a contract or in order to take steps prior to entering into a contract), or in accordance with Article 6(f) of the Regulation (processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party), for the following purposes::

  • Evaluation and selection of business partners (for this purpose, among other things, personal data necessary for evaluating and selecting business partners are processed, including identifying and verifying relevant individuals, conducting due diligence, and performing checks based on information from publicly available sanction lists published by competent authorities)
  • Contract conclusion and execution with business partners (this includes processing personal data necessary for concluding and executing contracts with business partners, as well as recording and payment/collection for delivered services, goods, and materials)
  • Development and improvement of products and/or services (this includes processing data necessary for developing and improving our products and/or services, as well as research and development)
  • Relationship management and marketing (this includes activities such as maintaining and promoting contacts with business partners, managing client relationships, providing customer support services, developing, implementing, and analyzing market research and marketing strategies, including online marketing activities like advertising, and use of our Website)
  • Execution of business processes, operations management, and executive reporting (this includes managing company assets, conducting audits and investigations, reviewing and monitoring compliance with internal Company rules relating to business partner relationships and other individuals, finance and accounting, implementing business controls,  and processing personal data for the purposes of executive reporting, analysis, archiving, securing, legal or business consulting, and preventing, handling, and resolving disputes)
  • Health, safety, protection, and integrity (this includes protecting the interests, safety, and property of the Company and its employees and/or business partners, as well as activities related to employee health protection and verifying the status and access rights of business partners)
  • Legal compliance (this includes processing personal data to fulfill legal obligations applicable to the Company, including disclosure of data to competent or supervisory authorities such as tax authorities)

If the Company needs to process personal data for any other purposes, data subjects will be specifically informed in advance..

Most of this data processing is legally mandated, meaning the data subject is required to provide the data, and the Company is obligated to process it. Failure to provide such data would prevent the formation or continuation of a business relationship. In exceptional cases, providing certain data may be voluntary—refusal would only prevent access to additional benefits based on voluntary, informed consent, which can be withdrawn at any time.

Direct Marketing (Business Partners)

Based on legitimate interest, INTEA processes personal data (name, surname, address, email address) for the purposes of direct marketing, specifically by sending newsletters (containing information about projects, products, etc.) and invitations to special events.
If a data subject does not wish for their personal data to be processed for direct marketing purposes, they should send a request to the following email address: szop@intea.hr.

3.3.    Website Visitors

When visiting the Company’s website, personal data may be collected indirectly through:

  • Cookies – a unique identifier is assigned to the user (see the “Cookies” section)
  • Other aggregated data related to site usage via Google Analytics

Inquiry Form

The Company processes personal data provided in the inquiry form on the Website. These are processed solely for the purpose of responding to the inquiry. 

4.    Recipients of Personal Data

Authorized employees of the Company have access to personal data only to the extent necessary to perform their work tasks and only if required for the purposes described in this Policy. Business contact details of business partners—such as name and surname, job title, telephone number, work address, and email address—will generally be available to all our employees for the purposes of (internal) communication.

The Company may need to share personal data with third parties in the context of achieving the purposes described above. These third parties primarily include:

  • Other business partners of the Company with whom communication occurs as part of mutual business relationships (e.g., commercial banks or data processors such as accounting firms, recruitment service providers during hiring processes, tax or legal advisors, auditors, marketing agencies engaged for specific promotional activities, training and education service providers, etc.)
  • In the case of corporate restructuring, when a third party wishes to acquire or does acquire shares in the Company, personal data of individuals may be disclosed or transferred to such (potential) acquirer in relation to the transaction
  • Competent public authorities in cases prescribed by applicable law (e.g., tax authorities, courts, various inspections, etc.)

The data controller may also have a contractual relationship with specific processors for the purpose of candidate selection during recruitment processes. These processors act on behalf of the controller and manage platforms and potential communications with candidates.

The Company requires that any third parties to whom personal data are disclosed commit to processing them in accordance with the Regulation (GDPR).

5.    Transfer of Personal Data to Third Countries

Some of the above-mentioned categories of data subjects may be located in so-called third countries, i.e., countries outside the European Economic Area (EEA), excluding Switzerland, which are not considered to provide an adequate level of protection for personal data.

In cases where personal data are transferred to recipients in such countries, the Company ensures an appropriate level of protection through contractual and other mechanisms, such as the Standard Contractual Clauses adopted by the European Commission.

6.    Retention Period for Personal Data

The Company handles personal data processing with due care, ensuring the rights of all data subjects in accordance with legal regulations and the requests of data subjects. For each processing purpose, it defines retention periods in accordance with applicable regulations (e.g., tax and accounting laws), or for as long as necessary to fulfill the purpose for which the data were collected—or until the data subject requests deletion prior to the expiration of that period, in accordance with the rights defined in Article 7 of this Policy.

Once the retention period has expired, personal data will be either deleted or anonymized.

At any time, the data subject may request information from the data controller regarding the personal data it holds, and may request modification, updating, or deletion of that data. Before granting access to the data, the data controller will verify the identity of the requester and assess the legitimacy of the request. If the data controller is legally obliged to deny the request, it will do so and inform the data subject of the reasons.

The Company retains personal data for the durations specified in the following subsections, depending on the category of data subject.

6.1.    Candidates for Employment

Candidates' personal data are retained until the completion of the selection process, except in cases of employment or where consent has been provided with the application, allowing the Company to retain personal data or the CV for an additional twelve (12) months for the purpose of contacting the candidate about future job opportunities—or for twelve (12) months from the date of an open application submission.

6.2.    Business Partners

If the data retention periods are not prescribed by law, personal data are retained as long as necessary to fulfill the purpose for which they were collected, or longer if a dispute with the business partner exists.
Contracts with business partners are retained after the termination of the contractual relationship where required by legal regulations, but their processing is restricted so that they cannot be used or processed in any way other than for archival purposes.

6.3.    Website Visitors

Data collected through cookies are retained in accordance with the settings of the user's Internet browser.

Inquiries on the Website

After a response to an inquiry has been provided, the personal data are archived and retained for six (6) months in case further communication is needed.

7.    Exercising Rights Related to Data Processing

In relation to the personal data processed and described in this Privacy Policy, the data subject may submit a request to the email address szop@intea.hr or by mail to INTEA d.d., Av. V. Holjevca 27, 10020 Zagreb, to:

  • access their personal data
  • correct their personal data
  • delete their personal data
  • restrict the use of their personal data
  • transfer their personal data to another data controller (data portability)
  • stop the processing of their personal data (objection)
  • withdraw previously given consent

If fulfilling a request would result in the data controller breaching obligations set by law, other regulations, or procedural rules, the data controller may not be able to fulfill the request. However, it will still be possible to request the prohibition of further processing of personal data.

7.1.    Right of Access to Personal Data 

The data subject has the right to obtain confirmation from the data controller as to whether or not personal data concerning them are being processed, and, where that is the case, to access those personal data and obtain the following information:

  • the purpose of the personal data processing
  • the categories of personal data being processed
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly if recipients are in third countries or international organizations, and details of the safeguards in place
  • the anticipated retention period for the personal data, or, if not possible, the criteria used to determine that period
  • the existence of the right to request rectification or erasure of personal data, or restriction of processing, or the right to object to such processing
  • the right to lodge a complaint with a supervisory authority
  • if the personal data were not collected from the data subject, information about their source
  • the existence of automated decision-making, including profiling

The data controller shall provide the data subject with a copy of the personal data undergoing processing.

7.2.    Right to Rectification of Personal Data 

The data subject has the right to request and obtain, without undue delay, the rectification of inaccurate personal data concerning them, as well as to have incomplete personal data completed, including by providing a supplementary statement.

7.3.    Right to Erasure of Personal Data (Article 17 of the Regulation)

The data subject has the right to request and obtain, without undue delay, the erasure of personal data concerning them, if one of the following conditions is met:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
  • the data subject withdraws consent on which the processing is based, and there is no other legal ground for the processing
  • the data subject objects to the processing pursuant to Article 21 of the General Data Protection Regulation, and there are no overriding legitimate grounds for the processing
  • the personal data have been unlawfully processed
  • the personal data must be erased to comply with a legal obligation to which the controller is subject

The above does not apply to the extent that processing is necessary:

  • for exercising the right of freedom of expression and information
  • for compliance with a legal obligation that requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest
  • for the establishment, exercise, or defense of legal claims
  • and in other cases as specified in Article 17 of the General Data Protection Regulation

7.4.    Right to Restriction of Processing 

The data subject has the right to obtain from the data controller a restriction of processing where one of the following applies:

  • the data subject contests the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data
  • the processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead
  • the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims
  • the data subject has objected to processing, pending verification of whether the legitimate grounds of the controller override those of the data subject

7.5.    Right to Data Portability

The data subject has the right to receive the personal data concerning them, which they have provided to the controller, in a structured, commonly used and machine-readable format, and has the right to transmit those data to another controller without hindrance, where the processing is based on consent or a contract, and the processing is carried out by automated means.

In exercising the right to data portability, the data subject has the right to have personal data transmitted directly from one controller to another, where technically feasible.

7.6.    Right to Object

The data subject has the right to object at any time to the processing of personal data concerning them. From the moment the objection is received, the data controller will no longer process the data subject’s personal data, unless it demonstrates compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.

The data subject also has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. For clarity, the data controller does not apply automated individual decision-making. All decisions that have legal or similarly significant effects are made with significant human intervention.

7.7.    Right to Withdraw Consent

If the data subject has provided consent for the processing of personal data, they may withdraw it at any time. The provision, withdrawal, and modification of consent are carried out in accordance with the rights described in this section of the Privacy Policy.

If the data subject withdraws consent or objects to the processing, their personal data will no longer be used in regular processing, which may result in the inability to fully deliver the service.

7.8.    Right to Lodge a Complaint with a Supervisory Authority

In relation to the processing of personal data, the data subject has the right to lodge a complaint with the national supervisory authority in Croatia: Agencija za zaštitu osobnih podataka, Selska cesta 160, 10 000 Zagreb, www.azop.hr, e-mail: azop@azop.hr.

8.    Data Storage Security

The Company ensures that personal data are processed and used securely and in compliance with applicable legal regulations and best practice standards. The Company takes all technical, physical, and organizational measures to protect data from security risks such as accidental, unauthorized, unlawful, or otherwise unwanted access, destruction, loss, or disclosure, and ensures a level of security appropriate to the risks associated with data processing.

The Company provides access to personal data only to employees who need it to fulfill your request or to provide our services.

9.    Cookies

When visiting the Website, the browser on the user’s computer or mobile device stores certain information in the form of small text files—cookies—which contain certain user data. This allows the Website to recognize the user’s device on subsequent visits, thereby enabling a personalized experience while using the Website.

The cookies used by the Company on the Website are necessary technical cookies, required for the Website to function. These cannot be disabled, and no user consent is required for their use.

The Company does not use marketing cookies that track users and display targeted advertisements.

10.    Changes to the Policy

The Company regularly updates the Privacy Policy to ensure it is accurate and current, and reserves the right to amend its content if deemed necessary. Data subjects will be notified in a timely manner of all changes and amendments via the Website, in accordance with the principle of transparency.

Zagreb, 26. June 2025

Automate Your Future