{"id":294403,"date":"2025-09-10T12:20:04","date_gmt":"2025-09-10T10:20:04","guid":{"rendered":"https:\/\/roel.com.hr\/?page_id=294403"},"modified":"2025-09-11T02:29:38","modified_gmt":"2025-09-11T00:29:38","slug":"personal-data-protection-policy","status":"publish","type":"page","link":"https:\/\/roel.com.hr\/en\/personal-data-protection-policy\/","title":{"rendered":"Personal Data Protection Policy"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"294403\" class=\"elementor elementor-294403 elementor-294401\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-2d806bd elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"2d806bd\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-420b4f5\" data-id=\"420b4f5\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-6b1178b elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"6b1178b\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-34610ee\" data-id=\"34610ee\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-f380311 elementor-widget elementor-widget-text-editor\" data-id=\"f380311\" data-element_type=\"widget\" 
data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h1>Personal Data Protection Policy<\/h1>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>Pursuant to Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95\/46\/EC (General Data Protection Regulation), and the Act on the Implementation of the General Data Protection Regulation (Official Gazette 42\/18), the company Roel Real Estate d.o.o., Ulica Frana Bo\u0161njakovi\u0107a 6, 10000 Zagreb, Croatia, OIB: 83280759774, represented by Director Dina Ajel<\/p>\n<p>on 10 September 2025 adopts the following:<\/p>\n<p>&nbsp;<\/p>\n<p><strong>PERSONAL DATA PROTECTION POLICY<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>I GENERAL PROVISIONS<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Article 1<\/strong><\/p>\n<p>1.1. In the process of personal data processing and the protection of individuals with regard to the processing of personal data and the rules related to the free movement of personal data, the company Roel Real Estate d.o.o. (hereinafter: the Agency) is obliged to apply the General Data Protection Regulation (EU) 2016\/679 (hereinafter: the GDPR) and the Act on the Implementation of the General Data Protection Regulation (hereinafter: the Implementation Act).<\/p>\n<p>1.2. Prior to entering into contractual relations, during their duration, and after their termination, the Agency is obliged to process certain data of the data subject\/client for the purpose of reporting required by competent supervisory authorities and public institutions.<\/p>\n<p>1.3. In accordance with the above, and for the purpose of responsible business operations of the Agency, there is a legitimate interest in processing certain personal data. 
The collected data is used exclusively for real estate brokerage services (sale\/rent\/lease).<\/p>\n<p>1.4. In accordance with Art. 4(7) of the GDPR, the Agency is the controller of personal data processing.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Article 2<\/strong><\/p>\n<p>2.1. In accordance with the valid Anti-Money Laundering and Counter-Terrorist Financing Act, which also applies to the Agency, the collected personal data may be used for conducting due diligence and identifying the ultimate beneficial owner of the client, as well as for determining whether the data subject\/client is a politically exposed person (which requires copies of identification documents, extracts from public registers, information on the origin of funds, and transaction confirmations).<\/p>\n<p>2.2. This verification may concern the identity of the data subject\/client, the identity of authorized representatives\/proxies, ultimate beneficial owners, and includes an assessment of the nature of the business relationship being established, determining the origin of funds, as well as continuous monitoring of the business relationship if a high risk of money laundering or terrorist financing has been assessed.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Article 3<\/strong><\/p>\n<p>3.1. 
Certain terms and expressions used in this Policy, in accordance with the GDPR and the Implementation Act, have the following meaning:<\/p>\n<p><em>Personal data<\/em> means any information relating to an identified or identifiable natural person (\u201cdata subject\u201d); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.<\/p>\n<p><em>Processing<\/em> means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.<\/p>\n<p><em>Lawfulness of processing<\/em> \u2013 processing shall be lawful only if and to the extent that at least one of the following applies: the data subject has given consent to the processing of his or her personal data; processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; processing is necessary for compliance with a legal obligation to which the controller is subject; processing is necessary in order to protect the vital interests of the data subject or of another natural person; processing is necessary for the performance of a task carried out in the public interest; processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data 
subject which require protection of personal data, in particular where the data subject is a child.<\/p>\n<p><em>Controller<\/em> means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law; the controller is Roel Real Estate d.o.o.<\/p>\n<p><em>Recipient<\/em> means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.<\/p>\n<p><em>Third party<\/em> means a natural or legal person, public authority, agency or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.<\/p>\n<p><em>Consent of the data subject<\/em> means any freely given, specific, informed and unambiguous indication of the data subject\u2019s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.<\/p>\n<p><em>Data subject\/client<\/em> means an individual to whom personal data relate, and whose identity can be identified or has been identified during the business process.<\/p>\n<p><em>Identification data<\/em> \u2013 full name, date, place and country of birth, address, nationality, OIB (personal identification number), identification document (type, number, date of issue, issuing authority).<\/p>\n<p><em>Proof of identity<\/em> \u2013 a copy of an identity card or passport.<\/p>\n<p><em>Contact details<\/em> \u2013 phone number, mobile phone, e-mail.<\/p>\n<p><em>Contractual data<\/em> \u2013 data concerning brokerage services, data relating to purchase\/sale\/rent\/lease, contract 
date.<\/p>\n<p><em>Financial data<\/em> \u2013 bank account number (IBAN) for concluding purchase agreements and rental\/lease agreements, origin of funds only in exceptional circumstances prescribed by the Anti-Money Laundering and Counter-Terrorist Financing Act.<\/p>\n<p><em>Creditworthiness data<\/em> \u2013 credit rating data and other data necessary for obtaining loans.<\/p>\n<p><em>Real estate data<\/em> \u2013 name of the cadastral municipality, land registry file and sub-file number, cadastral parcel number, owner, property address, location, building and occupancy permit, cadastral plan, extract from the land register, extract from the register of deposited contracts, possession list.<\/p>\n<p><em>Accounting data<\/em> \u2013 legally required invoice elements, and records of payments made in accordance with applicable accounting regulations.<\/p>\n<p><em>Filing system<\/em> means any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis.<\/p>\n<p><em>Pseudonymisation<\/em> means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.<\/p>\n<p><em>Personal data breach<\/em> means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>II PROCESSING OF PERSONAL DATA<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Article 4<\/strong><\/p>\n<p>4.1. 
The data of the data subject\/client are processed in accordance with applicable regulations (the GDPR, the Implementation Act), whether the business cooperation with the Agency is in the capacity of a <strong>buyer \/ seller \/ landlord \/ tenant \/ lessor \/ lessee<\/strong>, an authorized representative\/proxy, and include, but are not limited to, cases of personal data provided in any request submitted in writing, orally or electronically, in a beneficial ownership document, business entity document, or purchase agreement.<\/p>\n<p>4.2. The Agency processes the personal data of natural persons lawfully, fairly, and transparently. Only adequate and relevant personal data are processed, and solely for specific, explicit, and lawful purposes, and are not further processed in a manner incompatible with those purposes.<\/p>\n<p>4.3. The personal data processed by the Agency are accurate and are updated as necessary. Personal data that are inaccurate are deleted or corrected without delay.<\/p>\n<p>4.4. The Agency processes personal data exclusively in a way that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing, and against accidental loss, destruction, or damage, by applying appropriate technical and organizational measures.<\/p>\n<p>4.5. The Agency retains personal data only for as long as necessary for the purposes for which the personal data are processed, and subsidiarily in accordance with specific legal regulations binding upon the Agency. Exceptionally, personal data may be stored for longer periods, but only if they will be processed exclusively for archiving purposes in the public interest, for scientific or historical research purposes, or for statistical purposes.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Article 5<\/strong><\/p>\n<p>5.1. 
Any further processing of data, on the stated grounds, is permitted only for purposes that are compatible with the original purpose of data collection, namely actions and procedures related to the purchase and sale of real estate, the rental or lease of real estate, or procedures related to seeking real estate for a client (data subject) for purchase\/rent\/lease. In such cases, no separate legal basis for processing is required, as such processing constitutes a lawful basis for further processing.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Article 6<\/strong><\/p>\n<p>6.1. Pursuant to the GDPR and the Implementation Act, the controller keeps a record of processing activities for which it is responsible. This record contains the following information:<\/p>\n<ol style=\"list-style-type: lower-alpha;\">\n<li>Name and contact details of the controller<\/li>\n<li>Purpose of processing<\/li>\n<li>Categories of data subjects and categories of personal data<\/li>\n<li>Categories of recipients to whom personal data have been or will be disclosed<\/li>\n<li>Transfers of personal data to third countries, if applicable<\/li>\n<li>Intended time limits for erasure, if applicable<\/li>\n<li>Technical and organizational measures for the protection of personal data<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p><strong>Article 7<\/strong><\/p>\n<p>6.1. 
Pursuant to the GDPR and the Implementation Act, the Agency keeps records of personal data processing activities, establishes and maintains records containing basic information on the filing system, according to the following categories (if applicable to the individual category):<\/p>\n<p>Name of the filing system \u2013 records of personal data processing activities, namely:<\/p>\n<ol>\n<li>Filing system \u201cRecord of personal data processing activities \u2013 purchase\/sale \u2013 natural persons selling real estate\u201d<\/li>\n<li>Filing system \u201cRecord of personal data processing activities \u2013 purchase\/sale \u2013 natural persons seeking real estate\u201d<\/li>\n<li>Filing system \u201cRecord of personal data processing activities \u2013 rent\/lease \u2013 natural persons owning real estate rented\/leased out\u201d<\/li>\n<li>Filing system \u201cRecord of personal data processing activities \u2013 rent\/lease \u2013 natural persons seeking real estate\u201d<\/li>\n<\/ol>\n<p>Name of the filing system \u2013 records of personal data processing activities, namely:<\/p>\n<ol>\n<li>Filing system \u201cRecord of personal data processing activities \u2013 purchase\/sale \u2013 legal persons selling real estate\u201d<\/li>\n<li>Filing system \u201cRecord of personal data processing activities \u2013 purchase\/sale \u2013 legal persons seeking real estate\u201d<\/li>\n<li>Filing system \u201cRecord of personal data processing activities \u2013 rent\/lease \u2013 legal persons owning real estate rented\/leased out\u201d<\/li>\n<li>Filing system \u201cRecord of personal data processing activities \u2013 rent\/lease \u2013 legal persons seeking real estate\u201d<\/li>\n<li>Name of the filing system: \u201cRecord of personal data processing activities \u2013 Agency employees\u201d (if applicable)<\/li>\n<\/ol>\n<p>6.2. 
Filing systems may be added, modified, and deleted depending on business needs.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>III CATEGORIES OF DATA SUBJECTS<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Article 8.<\/strong><\/p>\n<p>8.1. The personal data collection applies to all clients who are in a business relationship with the Agency, namely to all sellers, landlords and lessors of real estate as well as buyers, tenants and lessees thereof.<\/p>\n<p>8.2. Additionally, if applicable, a special collection of personal data also applies to all employees of the Agency.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>IV TYPES OF DATA CONTAINED IN THE DATA COLLECTIONS<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Article 9.<\/strong><\/p>\n<p>9.1. The collections contain the following types of data:<\/p>\n<p>1. DATA ABOUT A LEGAL ENTITY OR AN EQUIVALENT SUBJECT<\/p>\n<p>1.1. Name \/ company <br \/>1.2. Legal form <br \/>1.3. Registered office\/business address (street and number) <br \/>1.4. City <br \/>1.5. Country <br \/>1.6. Identification number <br \/>1.7. Financial data \u2013 bank account number<br \/>1.8. Data about the authorized representative (name, surname, address, identification number, contact details \u2013 email, mobile\/phone number)<br \/>1.9. Data about the property (city, address, cadastral plot no., land registry file no., cadastral municipality, land registry department, competent court, land registry extract, cadastre extract, etc.)<\/p>\n<p>2. DATA ABOUT A NATURAL PERSON<\/p>\n<p>2.1. Name and surname <br \/>2.2. Residence\/usual address (street and number) <br \/>2.3. Place of residence\/usual address <br \/>2.4. Country of residence\/usual address <br \/>2.5. Citizenship <br \/>2.6. Identification number <br \/>2.7. Date of birth <br \/>2.8. Place and country of birth <br \/>2.9. Identification document (type, number, date of issue and issuing authority) <br \/>2.10. Whether the client is a politically exposed person (YES \/ NO) <br \/>2.11. 
Financial data \u2013 bank account number<br \/>2.12. Contact details \u2013 email, mobile\/phone number<br \/>2.13. Data about the property (city, address, cadastral plot no., land registry file no., cadastral municipality, land registry department, competent court, land registry extract, cadastre extract, etc.)<\/p>\n<p>3. DATA ABOUT THE INTENDED NATURE OF THE BUSINESS RELATIONSHIP OR TRANSACTION<\/p>\n<p>3.1. Type of business relationship<br \/>3.2. Purpose of the business relationship <br \/>3.3. Type of transaction (cash, non-cash, etc.)<\/p>\n<p>4. ADDITION FOR ENHANCED DUE DILIGENCE (if applicable)<\/p>\n<p>4.1. If the client is a politically exposed person <br \/>4.1.1. Data on the source of funds and assets that are or will be the subject of the business relationship or transaction <br \/>4.2. If the client is not present when establishing the business relationship <br \/>4.2.1. Additional documents, data or information based on which the client\u2019s identity has been verified<\/p>\n<p>&nbsp;<\/p>\n<p><strong>V PURPOSE OF DATA PROCESSING<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Article 10.<\/strong><\/p>\n<p>10.1. Personal data are collected for the purpose of fulfilling the Agency\u2019s legal obligations, i.e. the processing of personal data by the Agency is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract, namely for the performance of a brokerage agreement in the purchase\/sale\/rent\/lease of real estate, whether the data subject appears as the owner of the property to be sold, rented or leased out, or as a client seeking a property to purchase, rent or lease.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>VI LEGAL BASIS FOR ESTABLISHING THE DATA COLLECTION<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Article 11.<\/strong><\/p>\n<p>11.1. 
The legal basis for establishing the personal data collection primarily arises from Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, repealing Directive 95\/46\/EC (General Data Protection Regulation), and the Act on the Implementation of the General Data Protection Regulation (NN 42\/18), and furthermore from the Anti-Money Laundering and Terrorist Financing Act, the Real Estate Brokerage Act, the Real Estate Transfer Tax Act, the Real Estate Valuation Act, the Land Registry Act, the Ownership and Other Real Rights Act, the Construction Act, the Apartment Lease Act, the Housing Loans Subsidy Act, and the Civil Obligations Act.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>VII PROCESSING OF SPECIAL CATEGORIES OF PERSONAL DATA<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Article 12.<\/strong><\/p>\n<p>12.1. The Agency does not process special categories of personal data.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>VIII RIGHTS OF THE DATA SUBJECT \/ CLIENT<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Article 13.<\/strong><\/p>\n<p>13.1. In the process of personal data processing, the Agency shall provide the data subject with all information related to the processing of their personal data, in an appropriate manner (in writing or directly verbally), in particular about the purpose of data processing, the legal basis for processing, the Agency\u2019s legitimate interests, the intention to disclose personal data to third parties, the period in which personal data will be stored, the existence of the right of the data subject to access personal data and to rectification or erasure of personal data and restriction of processing, the right to object, etc.<\/p>\n<p>13.2. 
With regard to the processing of personal data, data subjects\/clients may exercise the following rights:<\/p>\n<p><em>Right of access<\/em> \u2013 Data subjects\/clients may request confirmation from the Agency whether their personal data are being processed and to what extent, provided that the identity of the data subject\/client is unquestionably established by checking a photo ID.<\/p>\n<p><em>Right to rectification<\/em> \u2013 If incomplete or inaccurate personal data are processed, their correction or supplementation may be requested at any time by the data subject\/client, by providing an additional statement and provided that their identity is unquestionably established by checking a photo ID.<\/p>\n<p><em>Right to erasure<\/em> \u2013 Data shall be erased if the data subject\/client proves that the reasons for which the personal data are being processed are no longer permissible or necessary considering the purpose for which they were collected, or if the data subject\/client withdraws their consent.<\/p>\n<p><em>Right to restriction of processing<\/em> \u2013 The restriction of processing does not apply to: storage of personal data, or if personal data are necessary for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person. The data subject\/client may request the temporary blocking of personal data processing if they dispute the accuracy of such data. 
During the period of restricted processing, until the restriction is lifted, the data concerned may be processed only based on the consent of the data subject\/client.<\/p>\n<p><em>Right to withdraw consent<\/em> \u2013 The data subject\/client has the right to withdraw the consent given for the collection and processing of their personal data at any time, in writing, provided that their identity is unquestionably established by checking a photo ID.<\/p>\n<p><em>Right to lodge a complaint<\/em> \u2013 The data subject\/client has the right at any time to file a written complaint, stating the reasons, and the Agency is obliged to inform whether specific interests, rights, and freedoms of the data subject\/client have been violated. <br \/>Right to lodge a complaint with a supervisory authority \u2013 Complaints by the data subject\/client are submitted to the Croatian Personal Data Protection Agency (hereinafter: AZOP), or to a supervisory authority within the EU.<\/p>\n<p>13.3. The Agency is obliged to act on the request submitted by the data subject\/client, their legal representative, or proxy within no later than 30 days from the date of the request.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>IX STORAGE SYSTEM<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Article 14.<\/strong><\/p>\n<p>14.1. The Agency\u2019s statutory obligations also include the obligation to archive the documentation of the data subject\/client, as well as to properly store the data in secure processing systems in order to fulfill the statutory obligations for archiving and data storage.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>X DATA CONTROLLER<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Article 15.<\/strong><\/p>\n<p>15.1. 
The Data Controller is obliged to ensure the protection of personal data in a fair and lawful manner so that their protection\/confidentiality is guaranteed, which means that personal data are processed for a specific and lawful purpose, with the existence of a legal basis prescribed by the Personal Data Protection Act.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Article 16.<\/strong><\/p>\n<p>16.1. Prior to collecting personal data, the Data Controller is obliged to inform the data subjects\/clients of their identity, the purpose of processing personal data, and the legal basis for processing personal data.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Article 17.<\/strong><\/p>\n<p>17.1. At the request of the data subject\/client, or their legal representative\/authorized person, the Data Controller is obliged to enable the exercise of the right to access the use of their personal data or the right to rectify inaccurate data.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Article 18.<\/strong><\/p>\n<p>18.1. The Data Controller shall take appropriate technical, personnel, and organizational measures to protect personal data from unauthorized access and possible misuse.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Article 19.<\/strong><\/p>\n<p>19.1. The Data Controller shall act in accordance with the instructions of the Croatian Personal Data Protection Agency (AZOP) as the supervisory authority in the field of personal data protection, and shall enable AZOP to access all personal data files and other documentation, as well as data processing tools.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Article 20.<\/strong><\/p>\n<p>20.1. The Data Controller shall establish Records of personal data files it maintains and, if necessary, submit such Records to the central register kept by the Croatian Personal Data Protection Agency. 
Records of personal data processing activities are classified into categories described in Article 7 of this Policy, totaling 8 categories.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Article 21.<\/strong><\/p>\n<p>21.1. By means of an internal Decision, the Data Controller may appoint a Data Protection Officer, if applicable and if the need arises.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>XI RETENTION PERIOD OF DATA<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Article 22.<\/strong><\/p>\n<p>22.1. All data of the data subject\/client, on the basis of which identification can be made, shall be stored for a limited period of time, i.e., in accordance with special regulations applicable to the Agency. If necessary, the data shall be anonymized after the purpose ceases, and permanently deleted in accordance with statutory regulations. Personal data collected on the basis of consent shall be deleted at the moment of withdrawal of such consent, except where another legal basis for processing exists.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>XII MEASURES FOR THE PROTECTION OF PERSONAL DATA<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Article 23.<\/strong><\/p>\n<p>23.1. Personal data processed by the Agency are appropriately protected from accidental or intentional misuse, unauthorized alteration or access, and technical, personnel, and organizational measures have been taken to protect personal data.<\/p>\n<p>23.2. Persons responsible for the processing of personal data are accountable for protecting personal data from accidental loss or destruction, from unauthorized access or unauthorized alteration, unauthorized disclosure, and any other misuse.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Article 24.<\/strong><\/p>\n<p>24.1. 
Technical measures for the protection of personal data include:<\/p>\n<ol>\n<li>the computer and the assigned email address in the Agency are used exclusively for official purposes<\/li>\n<li>if more than one agent is employed in the Agency, each agent has their own login password for the PC<\/li>\n<li>all documents, upon expiry of the period or purpose, are destroyed physically or with a shredder<\/li>\n<li>all data in written form are stored in binders, in locked cabinets<\/li>\n<li>any subcontractors and employees are obliged to keep the passwords they use in their work safe from unauthorized access<\/li>\n<li>any subcontractors and employees are familiar with the internal Personal Data Protection Policy, with a signed Confidentiality Statement<\/li>\n<li>any external associates of the Agency (e.g. lawyers, appraisers, court experts, etc.) are and will be acquainted with the internal Personal Data Protection Policy, and with the need to permanently treat the provided data as confidential, with a signed Confidentiality Statement<\/li>\n<\/ol>\n<p><strong>&nbsp;<\/strong><\/p>\n<p><strong>Article 25.<\/strong><\/p>\n<p>25.1. Organizational measures for the protection of personal data include:<\/p>\n<ol>\n<li>creation of records of processing activities regarding personal data files (records of personal data, as specified in Art. 7 of this Policy)<\/li>\n<li>defining information provided to the data subject,<\/li>\n<li>drafting of an internal Personal Data Protection Policy,<\/li>\n<li>drafting of a Confidentiality Statement for employees and subcontractors, as well as for other possible associates of the Agency<\/li>\n<li>where applicable, drafting of a Non-Disclosure Agreement<\/li>\n<li>drafting of an online Privacy Policy<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p><strong>Article 26.<\/strong><\/p>\n<p>26.1. 
Personnel measures for the protection of personal data include (if applicable):<\/p>\n<ol style=\"list-style-type: lower-alpha;\">\n<li>access to data is granted only to authorized persons employed by the Data Controller, or subcontractors, depending on the type of work they perform (with the appropriate Confidentiality Statement)<\/li>\n<li>authorized persons have different levels of access to processing, depending on the type of work they perform, i.e., the amount of data they enter into the application<\/li>\n<li>the Data Controller has access to advertising on the website<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p><strong>XIII REPORTING IN CASE OF PERSONAL DATA BREACH<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Article 27.<\/strong><\/p>\n<p>27.1. The Data Controller shall, without undue delay and no later than 72 hours after becoming aware of a personal data breach, notify the supervisory authority (AZOP) of the breach of personal data, unless it is unlikely that the breach will result in a risk to the rights and freedoms of the individual.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Article 28.<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>28.1. For reasons of delay in reporting within 72 hours, it is necessary to:<\/p>\n<ol>\n<li>describe the nature of the personal data breach;<\/li>\n<li>state the name and contact details of the Data Controller;<\/li>\n<li>describe the possible consequences of the personal data breach;<\/li>\n<li>describe the measures taken by the Data Controller to resolve the personal data breach.<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p><strong>Article 29.<\/strong><\/p>\n<p>29.1. In the event of a personal data breach, the Data Controller shall, without undue delay, notify the data subject\/client of the breach of personal data. 
The notification shall state the nature of the personal data breach in clear and plain language.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>XIV PROCEDURE IN CASE OF PERSONAL DATA PROCESSING BREACH<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Article 30.<\/strong><\/p>\n<p>30.1. In the event of a personal data processing breach, it is necessary to:<\/p>\n<ol>\n<li>verify the purpose and scope of personal data collection<\/li>\n<li>verify the source from which the personal data were processed<\/li>\n<li>inform the data subject\/client in writing about the breach of their personal data<\/li>\n<li>the Data Controller shall report the breach to the supervisory authority (AZOP) in writing<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong>XV FINAL PROVISIONS<\/strong><\/p>\n<p><strong>&nbsp;<\/strong><\/p>\n<p><strong>Article 31.<\/strong><\/p>\n<p>31.1. This Policy is harmonized with Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95\/46\/EC (General Data Protection Regulation) (Text with EEA relevance) (OJ L 119, 4.5.2016), as well as with the Act on the Implementation of the General Data Protection Regulation (Official Gazette 42\/18), and entered into force on the date of its adoption, from which date it shall apply.<\/p>\n<p>&nbsp;<\/p>\n<p><em>Roel Real Estate d.o.o.<\/em><\/p>\n<p><em>represented by\/director Dina Ajel<\/em><\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Personal Data Protection Policy &nbsp; &nbsp; Pursuant to Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of 
personal data and on the free movement of such data, repealing Directive 95\/46\/EC (General Data Protection Regulation), and the Act [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":16,"comment_status":"closed","ping_status":"closed","template":"redux-templates_full_width","meta":{"footnotes":""},"class_list":["post-294403","page","type-page","status-publish","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Personal Data Protection Policy<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/roel.com.hr\/pravilnik-o-zastiti-osobnih-podataka\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Personal Data Protection Policy\" \/>\n<meta property=\"og:description\" content=\"Personal Data Protection Policy &nbsp; &nbsp; Pursuant to Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95\/46\/EC (General Data Protection Regulation), and the Act [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/roel.com.hr\/pravilnik-o-zastiti-osobnih-podataka\/\" \/>\n<meta property=\"og:site_name\" content=\"Roel\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/roelnekretnine\/\" \/>\n<meta property=\"article:modified_time\" content=\"2025-09-11T00:29:38+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/roel.com.hr\/wp-content\/uploads\/2026\/05\/seo-20260527.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"675\" \/>\n\t<meta 
property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"20 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/roel.com.hr\/pravilnik-o-zastiti-osobnih-podataka\/\",\"url\":\"https:\/\/roel.com.hr\/pravilnik-o-zastiti-osobnih-podataka\/\",\"name\":\"Personal Data Protection Policy\",\"isPartOf\":{\"@id\":\"https:\/\/roel.com.hr\/#website\"},\"datePublished\":\"2025-09-10T10:20:04+00:00\",\"dateModified\":\"2025-09-11T00:29:38+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/roel.com.hr\/pravilnik-o-zastiti-osobnih-podataka\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/roel.com.hr\/pravilnik-o-zastiti-osobnih-podataka\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/roel.com.hr\/pravilnik-o-zastiti-osobnih-podataka\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/roel.com.hr\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Personal Data Protection Policy\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/roel.com.hr\/#website\",\"url\":\"https:\/\/roel.com.hr\/\",\"name\":\"Roel\",\"description\":\"Agencija za nekretnine\",\"publisher\":{\"@id\":\"https:\/\/roel.com.hr\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/roel.com.hr\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/roel.com.hr\/#organization\",\"name\":\"Roel Agencija za 
nekretnine\",\"url\":\"https:\/\/roel.com.hr\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/roel.com.hr\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/roel.com.hr\/wp-content\/uploads\/2016\/10\/Roel-Agencija-Agency.jpg\",\"contentUrl\":\"https:\/\/roel.com.hr\/wp-content\/uploads\/2016\/10\/Roel-Agencija-Agency.jpg\",\"width\":900,\"height\":900,\"caption\":\"Roel Agencija za nekretnine\"},\"image\":{\"@id\":\"https:\/\/roel.com.hr\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/roelnekretnine\/\",\"https:\/\/www.youtube.com\/@roelnekretnine\",\"https:\/\/www.linkedin.com\/in\/maja-nikoli\u0107-b8685884\/\",\"https:\/\/www.instagram.com\/roelnekretnine\/\",\"https:\/\/www.pinterest.com\/roelrealestate\/\",\"https:\/\/www.nekretnine.hr\/agencije-nekretnina\/95529\/\",\"https:\/\/www.oglasnik.hr\/trgovina\/ROEL\",\"https:\/\/www.indomio.hr\/agencija\/roel\/19387\",\"https:\/\/www.njuskalo.hr\/agencija\/roelrealestate\",\"https:\/\/www.crozilla.com\/profil-agenta\/ROEL\/19387\/\",\"https:\/\/www.index.hr\/oglasi\/korisnik\/ROEL REAL ESTATE\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Personal Data Protection Policy","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/roel.com.hr\/pravilnik-o-zastiti-osobnih-podataka\/","og_locale":"en_US","og_type":"article","og_title":"Personal Data Protection Policy","og_description":"Personal Data Protection Policy &nbsp; &nbsp; Pursuant to Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95\/46\/EC (General Data Protection Regulation), and the Act [&hellip;]","og_url":"https:\/\/roel.com.hr\/pravilnik-o-zastiti-osobnih-podataka\/","og_site_name":"Roel","article_publisher":"https:\/\/www.facebook.com\/roelnekretnine\/","article_modified_time":"2025-09-11T00:29:38+00:00","og_image":[{"width":1200,"height":675,"url":"https:\/\/roel.com.hr\/wp-content\/uploads\/2026\/05\/seo-20260527.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"20 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/roel.com.hr\/pravilnik-o-zastiti-osobnih-podataka\/","url":"https:\/\/roel.com.hr\/pravilnik-o-zastiti-osobnih-podataka\/","name":"Personal Data Protection Policy","isPartOf":{"@id":"https:\/\/roel.com.hr\/#website"},"datePublished":"2025-09-10T10:20:04+00:00","dateModified":"2025-09-11T00:29:38+00:00","breadcrumb":{"@id":"https:\/\/roel.com.hr\/pravilnik-o-zastiti-osobnih-podataka\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/roel.com.hr\/pravilnik-o-zastiti-osobnih-podataka\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/roel.com.hr\/pravilnik-o-zastiti-osobnih-podataka\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/roel.com.hr\/en\/"},{"@type":"ListItem","position":2,"name":"Personal Data Protection Policy"}]},{"@type":"WebSite","@id":"https:\/\/roel.com.hr\/#website","url":"https:\/\/roel.com.hr\/","name":"Roel","description":"Agencija za nekretnine","publisher":{"@id":"https:\/\/roel.com.hr\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/roel.com.hr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/roel.com.hr\/#organization","name":"Roel Agencija za nekretnine","url":"https:\/\/roel.com.hr\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/roel.com.hr\/#\/schema\/logo\/image\/","url":"https:\/\/roel.com.hr\/wp-content\/uploads\/2016\/10\/Roel-Agencija-Agency.jpg","contentUrl":"https:\/\/roel.com.hr\/wp-content\/uploads\/2016\/10\/Roel-Agencija-Agency.jpg","width":900,"height":900,"caption":"Roel Agencija za 
nekretnine"},"image":{"@id":"https:\/\/roel.com.hr\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/roelnekretnine\/","https:\/\/www.youtube.com\/@roelnekretnine","https:\/\/www.linkedin.com\/in\/maja-nikoli\u0107-b8685884\/","https:\/\/www.instagram.com\/roelnekretnine\/","https:\/\/www.pinterest.com\/roelrealestate\/","https:\/\/www.nekretnine.hr\/agencije-nekretnina\/95529\/","https:\/\/www.oglasnik.hr\/trgovina\/ROEL","https:\/\/www.indomio.hr\/agencija\/roel\/19387","https:\/\/www.njuskalo.hr\/agencija\/roelrealestate","https:\/\/www.crozilla.com\/profil-agenta\/ROEL\/19387\/","https:\/\/www.index.hr\/oglasi\/korisnik\/ROEL REAL ESTATE"]}]}},"_links":{"self":[{"href":"https:\/\/roel.com.hr\/en\/wp-json\/wp\/v2\/pages\/294403"}],"collection":[{"href":"https:\/\/roel.com.hr\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/roel.com.hr\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/roel.com.hr\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/roel.com.hr\/en\/wp-json\/wp\/v2\/comments?post=294403"}],"version-history":[{"count":0,"href":"https:\/\/roel.com.hr\/en\/wp-json\/wp\/v2\/pages\/294403\/revisions"}],"wp:attachment":[{"href":"https:\/\/roel.com.hr\/en\/wp-json\/wp\/v2\/media?parent=294403"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}