Skip to main content

Personal Data Protection Policy

European Union and Republic of Croatia Personal Data Processing Information

We process your personal data in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter: General Data Protection Regulation), and in accordance with the national Law on the Implementation of the General Data Protection Regulation.

The General Data Protection Regulation contains a set of rules that ensure that the processing of personal data is carried out in accordance with the rights and fundamental freedoms of individuals and allows for the free movement of personal data within the EU, while respecting the rules of security and transparent data processing. The General Data Protection Regulation is directly applicable in all EU member states, ensuring uniform and consistent treatment of personal data protection in all member states.

In accordance with Article 13 and Article 14 of the General Data Protection Regulation, these personal data protection information provides information on how we process your personal data, what rights you have regarding the processing and protection of personal data, and how you can exercise those rights.

We process and use your personal data in accordance with the principles of lawfulness, fairness, transparency, accuracy, minimization of data processing, restriction of purpose and storage of data, confidentiality, and integrity. We protect the security of your personal data from unauthorized or unlawful processing, applying the highest technical, security, and organizational measures of protection.

Data Controller
Financial Agency
Vukovar City Street 70, 10,000 Zagreb
Phone: 0800 0080

Fina acts as the data controller, which means that it independently determines the purpose and means of data processing in relation to individuals (data subjects) with whom it contracts, for example, when contracting its own products and services.

Data Protection Officer
Fina has appointed a Data Protection Officer (DPO), as prescribed in Article 37 of the General Data Protection Regulation. You can contact the Data Protection Officer regarding questions related to the processing of your personal data at Fina and/or the exercise of rights provided by the General Data Protection Regulation.

Financial Agency
Vukovar City Street 70, 10,000 Zagreb

Purpose and Legal Basis for the Processing of Personal Data

In order to establish a business relationship with you and provide you with a high-quality service, it is necessary for you to share certain personal data with us (name, address, OIB [Personal Identification Number], phone number, etc.). In such cases, the collection and processing of personal data are carried out for the purpose of fulfilling a contract in which you are a party or to take certain actions at your request before concluding a contract (Article 6, paragraph 1, point (b) of the General Data Protection Regulation). Additionally, the mentioned data may be collected based on Fina's legitimate interests as the data controller (Article 6, paragraph 1, point (f) of the General Data Protection Regulation), for example, for the purpose of preventing fraud and abuse in business and for preventing money laundering and terrorist financing. When collecting personal data, we adhere to the principle of collecting the minimum necessary number of personal data for a specific lawful purpose.

We also collect and process personal data for the purpose of performing tasks of public interest and our official authority and for compliance with legal obligations in accordance with Croatian law or other regulations of the Republic of Croatia and EU law (Article 6, paragraph 1, points (c) and (e) of the General Data Protection Regulation).

Use of Cookies

On our official website, we use so-called "cookies," which are text files that your browser stores on your computer or mobile device when you visit our website. This allows our website to recognize your computer or mobile device when you return, providing you with a customized experience while using our website.

In addition to cookies that you can disable, we use "essential" cookies on our website, which are important for the proper functioning of the site. Although you cannot disable these cookies, please note that they do not collect your personal data, and therefore, your consent is not required for their use. Your browser allows you to block or receive notifications about these cookies, but such settings may result in limited functionality of certain parts of our website. Please be aware that our website can only function optimally if these cookies are enabled. More information can be found at the following link: Cookie Policy

Rights Regarding the Processing of Personal Data

Fina accepts requests for the fulfillment of rights related to your personal data, exclusively for the processing of personal data in which Fina acts as the data controller. Complaints about the quality of a specific service, regardless of personal data protection, can be submitted in the manner prescribed for each service.

To exercise your rights regarding personal data, you can contact us at any Fina branch (by completing and submitting a complaint form), in writing to the address of Fina as the data controller, or via email to the Data Protection Officer.

As a data subject, you have the right to access personal data, correct personal data, and object to the processing of personal data. You also have the right to erasure of personal data ("right to be forgotten") and the right to restrict the processing of personal data, unless it is contrary to regulations that require us to retain certain data (e.g., legal retention periods) or if such data is necessary for proceedings before competent authorities.

Sharing Personal Data

We may provide your personal data to providers of information technology and communication solutions and services who act as data processors. We have concluded contracts with these data processors that specify in detail how personal data should be handled, taking into account that data processors have the ability to access personal data and process it in accordance with Fina's instructions as the data controller.

Please note that, under certain circumstances, we have a legal obligation, which may arise from national regulations or EU regulations, to provide your personal data to other recipients, but only to the extent necessary to achieve the specified purpose.

Security of Personal Data

We are aware of the importance that personal data represents for each individual, and therefore, it is extremely important for us to act in accordance with applicable regulations and to continuously work on maintaining and improving the security of your personal data. We collect and process personal data in a way that ensures an appropriate level of security and reliability in their processing. We enable the effective application of data protection principles, the reduction of data, the reduction of the scope of personal data processing, the restriction of storage periods, and the principles of availability, accuracy, and transparency of processing. We take all appropriate technical and organizational measures to protect against accidental or unlawful destruction of data, data loss, alteration, unauthorized use, disclosure, or access to data.

Retention Period of Personal Data

We process and store your personal data until the purpose of processing personal data is fulfilled. After the purpose for which they were collected has ceased, such as the duration of the contracted service, we no longer use your personal data. They remain in our storage system, and we keep them as long as legal regulations require, after which we securely delete them in accordance with the deadlines defined by legal regulations or internal acts for each service.

Complaint to the Supervisory Authority

If you believe that there has been a breach of your personal data and you are not satisfied with the response you received from Fina, you can file a complaint with the supervisory authority - the Croatian Personal Data Protection Agency, Selska cesta 136, 10,000 Zagreb, tel. 01/4609 999,,

Changes to Personal Data Processing Information

We regularly update information about the processing of personal data and reserve the right to change the content in accordance with any arising changes.

  • Necessary cookies enable core functionality. The website cannot function properly without these cookies, and can only be disabled by changing your browser preferences.