The company Regent d.o.o., with its registered office in Zagreb, Nova Ves 17, personal identification number (OIB): 81223221931 (hereinafter referred to as "Regent" or "Controller") pays special attention to the protection of personal data and processes them in full in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on
protection of natural persons with regard to the processing of personal data and on the free movement of such data – General Data Protection Regulation (hereinafter referred to as the 'General Regulation').

Notions

In terms of this Privacy Policy, the terms listed below have the following meaning:

'Personal data' means any data relating to an identified or identifiable natural person(s); an identifiable natural person is an identifiable person who can be identified, directly or indirectly, in particular on the basis of the name of the identification number, location data, online identifier or with the help of one or more characteristics specific to his or her physical, physiological, mental, economic, cultural or social identity;

'Processing' means any operation or set of operations which is performed on data or on sets of data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

"Data subject" means a natural person (an individual) whose identity can be identified directly or indirectly, in particular on the basis of name, identification number, location data, online identifier or by means of one or more characteristics specific to his or her physical, physiological, mental, economic, cultural or social identity;

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

'Processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Purpose and legal basis for the processing of personal data

Regent processes only those data that are necessary to achieve a particular lawful purpose and only if and to the extent that at least one of the following is fulfilled:

1. Processing is necessary for the performance of a contract to which the data subject is a party or in order to take action at the request of the data subject prior to the conclusion of the contract, namely:
   – in order to fulfil obligations under concluded mediation contracts or to take action at the request of the data subject;
   – in order to fulfil obligations under concluded business cooperation agreements.
   Personal data collected for this purpose are: name and surname, address, OIB, e-mail address, home and/or mobile phone number, _______, _______. The personal data in question are collected directly from the data subject, as well as by inspecting public registers (e.g. land registry, cadastre, etc.). The data subject is not obliged to provide the personal data in question, but in this case Regent will not be able to conclude a contract and/or perform certain actions relating to the performance of the contract and/or provide the requested services. These personal data are kept for a maximum of 6 years from the termination of the contractual relationship and /or the execution of the requested action, unless a longer retention period is specified by some applicable regulation or if the data in question are evidence in court, administrative arbitration or other equivalent proceedings.
2. Processing is necessary in order to comply with the legal obligations of the Controller, namely:
   – in order to comply with the obligations prescribed by the Real Estate Brokerage Act, the Anti-Money Laundering and Terrorist Financing Act, the General Regulation and other regulations relating to the business activity of Regent. Personal data collected for this purpose are: name and surname, address, OIB, date and place of birth, identification document data, political exposure data, _______, _______. Regent collects personal data based on this legal basis exclusively for the purposes and to the extent necessary for the fulfillment of legal obligations and keeps them for the period prescribed by applicable regulations. In the event of entering into a business relationship with Regent, the data subject will be obliged to provide Regent with personal data, which, given the specific relationship, Regent is obliged to collect in accordance with the applicable regulations. If the data subject denies the provision of the requested personal data, Regent will not be able to conclude a contract and/or fulfil the obligations and/or provide the requested services.
3. Processing is necessary for the purposes of the legitimate interests pursued by Regent or a third party, except where those interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child, namely:
   – In order to protect persons and property, video surveillance of regent's business premises is carried out. The personal data collected for this purpose are: videos about persons entering and leaving regent's business premises, i.e. data on the presence of persons in the space covered by the recording. Videos can be submitted to the competent authorities (police, court) at their request if the same is necessary for conducting procedures based on special regulations. Videos shall be kept for a maximum of 6 months, unless, for each case, a longer retention period is stipulated by applicable regulations or if the evidence is in court, administrative, arbitration or other equivalent proceedings.
4. The data subject has given consent to the processing of his or her personal data for one or more specific purposes, namely:
   – by visiting the Regent (www.regent.hr) website, the data subject may consent to the processing of personal data using the so-called cookies for the purpose of better
5. Functioning of all features of the website and providing a better user experience (see below). The data subject may at any time withdraw the consent in the same way, but the same does not affect the lawfulness of processing based on consent before it was withdrawn.

In any other cases of processing of personal data, Regent shall inform the data subject beforehand and provide him with all information on the details of the processing in accordance with the provisions of the General Regulation.

Cookies

This website uses cookies. A cookie is a small text file with information about the user's activities and settings and is stored on his device when visiting websites. A cookie usually consists of several data: internet domain of origin, user identification, cookie expiration date and security features. Cookies usually store user preferences regarding the website, such as preferred language or address. Certain information stored by cookies is also used to track user preferences in order to improve services, targeted marketing, etc. The next time you visit the same website on the same device, the browser sends a cookie and the information stored in it to the website that generated it (first-party cookie) or to another website to which the cookie relates (third-party cookie). This allows the site to display information tailored to your needs.

The Regent website uses the following types of cookies:

• Necessary (technical, mandatory) cookies – cookies without which the website cannot function or its functioning would be associated with significant difficulties, and which as such cannot be excluded and the use of this type of cookie does not require user consent. However, they can be turned off in the internet browser settings on the user's device, but in this case some parts of the site will not
  work. This type of cookie does not store any information that could identify the user.
• Functional cookies – improve functions and personalization by recording selections and adjustments made during visits to the website. These cookies are used to store, for example, the selection of the preferred language. These cookies can be turned off.
• Analytical (statistical) cookies – collect information on how visitors use the website, for example which pages visitors most often visit, for the purpose of internal research on possible ways to improve the service it provides to all users. The information collected by these cookies is anonymous and is used to improve the functioning of the website. These cookies can be turned off.

Functional and analytical cookies can be refused (turned off) on the first visit to the Regent website, and later re-turned on by selecting the menu at the bottom of the "Cookie Settings" page and vice versa.

Forwarding data

The personal data collected are not transferred to third countries, however they can be transferred to third parties in cases where it is determined by the mandatory regulation (e.g. a request from a competent authority), when the same is necessary for the purpose of doing so.
the performance of a contract concluded with the data subject or when Regent has contracted with third parties as subcontractors to perform a specific job as a processor (e.g. IT support, accounting service, postal and other delivery service provider, etc.).

Regent will entrust certain tasks related to the processing of personal data only to processors that provide sufficient guarantees regarding the exercise of appropriate personal data protection measures and will conclude a contract with them in which mutual rights and obligations will be regulated in accordance with the provisions of the General Regulation.

Security of personal data

Regent collects and processes personal data in such a way as to ensure appropriate security and confidentiality in their processing and enables the effective application of the principles of data protection, data minimization, storage restrictions, etc.

Regent takes appropriate technical and organizational measures to prevent accidental or unlawful destruction, loss, alteration, unauthorized use, access to data, theft or any other breach and misuse, including inter alia:

• implementmeasures to prevent unauthorized use of IT systems (such as password protection) with regular updating of programs (software) and antivirus protection;
• limiting access to electronic storage media only to authorised persons who can access the data only by entering a username and password;
• limiting physical access to premises where documents containing personal data are kept only to authorised persons;
• obliging all employees to keep personal data by signing a confidentiality statement;
• binding all subcontractors to protect the personal data of the data subject through appropriate contractual clauses.

Retention period of personal data

Personal data are kept for as long as necessary for the execution of the lawful purpose for which they were collected, after which they are permanently deleted or anonymized, and for the longest time until the expiration of the deadlines prescribed by the applicable regulations.

Rights of data subjects

Data subjects have the right to:

• the right to access the personal data of data subjects processed by Regent and to information relating to the processing in question prescribed by the General Regulation;
• the right to rectification of inaccurate personal data concerning him or her, including the right to have incomplete personal data completed;
• the right to erasure of personal data concerning him or her without undue delay if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, and in other cases laid down in the General Regulation;
• the right to restriction of processing if any of the conditions laid down in the General Regulation is met;
• the right to data portability, or the right to receive the personal data concerning him or her, in a structured, commonly used and machine-readable format.
  the conclusion of the contract, and the processing is carried out by automated means.
• the right to object to the processing of his or her personal data, i.e. the right to report a suspected breach of his or her personal data, which the data subject can exercise by contacting Regent via the contact details published on this website or by contacting the supervisory authority

Contact information

In case of questions regarding the processing of personal data by Regent, you can contact us via the contact details published on the Regent website.

Changes to the Privacy Policy

Regent reserves the right to amend and/or amend this Privacy Policy from time to time and it will be available at any time on the Regent website.