GDPR Information
Your data protection rights and how we comply with European data protection regulations.
Last updated: January 2024
Our Commitment to Data Protection
Swift Rim d.o.o. takes data protection seriously. As a legal services provider based in Croatia, a member state of the European Union, we are fully subject to the General Data Protection Regulation (GDPR). This page provides detailed information about how we comply with GDPR requirements and how you can exercise your rights.
Data Controller Information
For the purposes of GDPR, the data controller is:
Swift Rim d.o.o.
Ulica grada Vukovara 284
10000 Zagreb, Croatia
Registration Number: 081234567
Email: [email protected]
We are responsible for deciding how your personal data is processed and for ensuring that processing complies with applicable law.
Categories of Personal Data We Process
Depending on the nature of our relationship with you, we may process the following categories of personal data:
Identity Data
- Full name
- Date and place of birth
- Nationality
- Personal identification number (OIB for Croatian residents)
- Passport or ID card details
Contact Data
- Email address
- Postal address
- Country of residence
Transaction Data
- Details of properties you are purchasing
- Payment information for our services
- Contracts and legal documents
- Correspondence regarding your transaction
Technical Data
- IP address
- Browser type and version
- Device information
- Website usage data
Lawful Bases for Processing
GDPR requires that we have a valid legal basis for processing your personal data. We rely on the following lawful bases:
Performance of a Contract (Article 6(1)(b))
When you engage our legal services, we process your data to fulfill our contractual obligations. This includes conducting due diligence, preparing documents, and representing you in property transactions.
Legal Obligation (Article 6(1)(c))
We are required by law to retain certain records and may be obligated to share information with authorities. Examples include:
- Anti-money laundering regulations requiring client identification
- Professional regulations requiring retention of client files
- Tax laws requiring financial record keeping
Legitimate Interests (Article 6(1)(f))
In some cases, we process data based on our legitimate business interests, provided these interests are not overridden by your rights. Examples include:
- Website analytics to improve user experience
- Security measures to protect our systems
- Record keeping for potential legal claims
Consent (Article 6(1)(a))
For certain processing activities, particularly marketing communications and non-essential cookies, we rely on your consent. You can withdraw consent at any time.
Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data:
Right of Access (Article 15)
You have the right to request confirmation of whether we process your personal data and, if so, to obtain a copy of that data along with information about how and why we process it.
Right to Rectification (Article 16)
You have the right to request correction of inaccurate personal data and completion of incomplete personal data we hold about you.
Right to Erasure (Article 17)
Also known as the "right to be forgotten," this right allows you to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purpose for which it was collected or when you withdraw consent. Note that legal and professional obligations may require us to retain certain data.
Right to Restriction of Processing (Article 18)
You can request that we limit how we use your data while a complaint or concern is being resolved, or where you have objected to processing pending verification of legitimate grounds.
Right to Data Portability (Article 20)
You have the right to receive personal data you have provided to us in a structured, commonly used, machine-readable format, and to transmit that data to another controller.
Right to Object (Article 21)
You can object to processing based on legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
Rights Related to Automated Decision-Making (Article 22)
You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not currently use automated decision-making in our legal services.
How to Exercise Your Rights
To exercise any of these rights, please contact us at [email protected]. Include the following information:
- Your full name and contact details
- A description of the right you wish to exercise
- Any relevant details to help us locate your data
We will respond to your request within one month. In complex cases or if we receive many requests, we may extend this period by up to two additional months, but we will inform you of any extension within the first month.
We may need to verify your identity before processing your request. We will not charge a fee unless your request is manifestly unfounded or excessive.
Data Protection Impact Assessments
For processing activities that are likely to result in high risk to individuals' rights and freedoms, we conduct Data Protection Impact Assessments (DPIAs) as required by Article 35 of GDPR. This helps us identify and mitigate potential privacy risks.
International Data Transfers
We primarily process data within Croatia and the European Economic Area. When we transfer data outside the EEA, we ensure appropriate safeguards are in place:
- Transfers to countries with adequacy decisions from the European Commission
- Standard Contractual Clauses approved by the European Commission
- Other appropriate safeguards as specified in GDPR Chapter V
Data Breach Procedures
We have procedures in place to detect, report, and investigate personal data breaches. Where a breach is likely to result in a risk to your rights and freedoms, we will notify the Croatian Data Protection Agency within 72 hours of becoming aware of it. Where the breach is likely to result in a high risk, we will also notify affected individuals directly.
Record Keeping
We maintain records of our processing activities as required by Article 30 of GDPR. These records document what data we process, why, and the measures we have in place to protect it.
Staff Training
Our staff receive regular training on data protection principles and procedures. This ensures that everyone who handles personal data understands their responsibilities under GDPR.
Complaints
If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the Croatian Personal Data Protection Agency:
Agencija za zaštitu osobnih podataka (AZOP)
Selska cesta 136
10000 Zagreb, Croatia
Website: azop.hr
We encourage you to contact us first so we have the opportunity to address your concerns directly.
Updates to This Information
We review this GDPR information regularly and may update it to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website.
Further Questions
If you have any questions about this GDPR information or our data protection practices, please contact us at [email protected].