Finum d.o.o. (Ltd) is a company established in Zagreb, Fancevljev prilaz 6, ID no. (OIB): 12689097416, company registration number (MBS): 080272154 (hereinafter: Finum), which in the sense of General Data Protection Regulation (EU) 2016/679 from 27 April 2016 (OJ EU L 119 from 4 May 2016, amendment L 127/2 from 23 May 2018, hereinafter: GDPR) and Law on GDPR Implementation (Official Gazette 42/2018; hereinafter the Law) is considered to be personal data controller..

Finum is a Croatian outsourcing company in the field of providing services in accounting, audit, business consulting and human resources.

The aim of this statement is to transparently clarify which personal data Finum collects, the manner and purpose for which data is processed, as well as to clarify your rights and other details significant for processing and protecting personal data.

Your personal data is processed according to GDPR and the Law, as well as other relevant laws and regulations.

If you have any questions, comments and demands in terms of exercising your rights, feel free to contact us using one of the following:


  1. e-mail address:
  2. letter on address: Fancevljev prilaz 6, 10 000 Zagreb
  3. contact form on our website




This statement uses the following terms and their meaning according to GDPR:

– „personal data” – means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;


„processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;




Finum can collect your personal data in following ways:


  1. if you conclude a contract or use our services;
  2. if you contact us – for example, if you fill out the contact form on our website, if you submit a request to use our services via e-mail or any other way, if you register to receive our newsletter, if you request a pro-forma invoice, offer or similar, if you request any other information or if you contact us for any other reason (newsletter) ili zatražite dostavu predračuna ili ponude i slično ili zatražite kakve druge informacije ili nas kontaktirate iz kojeg drugog razloga;
  3. if you participate in our survey, contest, advertising campaign or similar, for example by answering questions, entering data, etc.;
  4. if you visit or browse our website;
  5. if you visit or follow our website via social networks, such as Facebook, Twitter, Instagram, YouTube or other, or if you perform a certain activity or interaction on such networks (e.g. “like”, “comment”, “share”);
  6. if third parties have lawfully forwarded your personal data to us, or if we collect such data from publicly available registries or other databases;


if you submit personal data concerning another person, we assume that you are authorized for such disclosure or submission, and/or you have obtained consent from the person whose data is being submitted.




In the course of business activities, Finum collects and processes personal data of their clients, i.e. contracting parties and other individuals, depending on circumstances, such as:


  1. first and last name, ID no. (OIB), gender, place, country and date of birth, citizenship;
  2. address of domicile/residence (street and house number, city and postal code, country), telephone and/or cell phone and/or fax number, e-mail address;
  3. passport, identity card or other identification document issued by a competent state authority and its number;
  4. data about location, if applicable and if you have enabled it on your device(s);
  5. IP address;
  6. technical data (number of visits to our website, etc.).


We collect personal data based on the principle of necessity in terms of fulfilling lawful purposes of processing.




Your personal data is collected and processed in order to:


  1. fulfill our contractual obligations and provide you with the requested or arranged services;
  2. fulfill obligations prescribed in applicable legislation and regulations;
  3. deliver to you the information and/or offers and/or anything else you have asked from us;
  4. deliver our (newsletter);
  5. manage and conduct surveys and/or contests and/or marketing campaigns or similar,

  6. manage, analyze, administer our website;
  7. manage, analyze and administer our pages i.e. profiles on social networks;
  8. provide information about important news such as amendments to our Terms of Use and/or other modifications of information relevant to our business.




Performance of a contract


If you arrange or use our services, we collect and process the following data: your first and last name, ID no. (OIB), nationality, address (street and house number, city and postal code, country), telephone and/or cell phone and/or fax number, e-mail address.


The mentioned personal data is collected for the purposes of performing the services we provide, and executing business processes, including solving client’s requests and disputes with clients as service users.


If you have arranged or if you use our services, it is necessary we collect certain personal data concerning you in order to be able to fulfill our contractual obligations and provide you with the services you have ordered or arranged.


Respecting and fulfilling legal obligations

The laws and regulations applied in the territory of the Republic of Croatia prescribe and impose certain obligations to us as the controller, requiring that we collect and process certain personal data for lawful purposes and that in certain cases we deliver such data to the competent authorities.


Legitimate interest


In certain cases, we have a legitimate interest to collect and process your personal data.


Your IP address is collected and processed because we believe it is our legitimate interest to protect ourselves from fraud, and to protect and ensure security, but we also use such data to analyze, for statistical purposes among others, the number of visits and the use of our website.


If you are already a client or if you already use our services, your first and last name, address (street and house number, city and zip code, country), telephone and/or cell phone and/or fax number, and e-mail address are used to send newsletters, marketing messages, service announcements and/or benefits, all because we believe that we have a legitimate interest to do so. It is important to emphasize that you can unsubscribe at any time from such a list of recipients.  




In certain cases, we can collect and process your personal data only if you have given us consent to do so. It is important to mention that you have the right to withdraw consent at any time by contacting us as set out in Article 1 of this statement (”Introduction and Our Contact Details”). The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.





Certain personal data we collect can be forwarded or disclosed to entities that take certain actions on our behalf or provide certain services, such as accounting, attorneys, and others, which are considered to be processors in terms of GDPR.


The processor is an entity which provides sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of GDPR and ensure the protection of the rights of the data subject. Therefore, in such cases, these entities or processors are bound and limited by the agreement on data processing concluded with us, which determines which personal data may be processed by a certain processor and for which purposes.


Your data may be forwarded or disclosed to trusted business partners whose services are indispensable to us in the provision of our services or parts of services, such as real-time credit and debit card authorizations.


We are obliged to forward or disclose certain personal data we collect to competent authorities when such obligation is provided for by relevant laws and regulations, or when necessary in order to protect our rights, assets or security.


LINKS (Links)


On our website you can find links to third-party websites related to our business activities. We have listed them because we believe they might be necessary or useful to our clients.


Please note that the websites we have linked are beyond the scope of this statement, and we cannot be held accountable for such websites as they are third-party websites which are subject to their own terms and conditions of personal data protection.




Our website uses cookies in order to work properly, so that we could make further improvements to our website in order to improve your browsing experience. This means that our website has to save a small file (the so-called cookie) to your computer, cell phone or other device. Cookies saved to your device allow us to recognize you on various websites, services, devices, and/or viewing sessions, and to store certain information and preferences.


Before saving cookies, we must ask for your consent. A notification on cookies and a request for consent appear when you open our website. If you decline or disable cookies, you may not be able to use some of the functionality of our website or its part.


Our website uses temporary cookies or session cookies which are removed from the computer after you close the browser. We use temporary cookies to allow you access to content.


We also use permanent or saved cookies which remain on your computer after you close the browser. Our website uses permanent cookies for functionalities such as “stay logged in”, which makes it easier for users to access the portal as registered users. We use permanent cookies to better understand the habits of the user, so that we can improve our website based on your habits. This information is anonymous – we do not see individual/personal user data.


Koristimo i kolačiće treće strane koji dolaze s reklama drugih Internet-mjesta (kao što su skočne ili bilo koje druge reklame) koje se nalaze na Internet-mjestu koje gledate. Postoji nekoliko vanjskih servisa koji korisniku spremaju limitirane kolačiće. Ovi kolačići postavljeni su za normalno funkcioniranje određenih mogućnosti koje korisnicima olakšavaju pristup sadržaju.


We also use third-party cookies which come from ads of other websites (such as pop-ups or other ads) which are located on the website you’re browsing. There are several external services that save limited duration cookies to a user. These cookies are set up for normal functioning of certain features that make it easier for users to access content. Cookies can also be set up if you use social networks, if you visit or follow our pages on social networks or similar, or if you’ve performed a certain activity or interaction (e.g. “like”, “comment”, “share”) on social networks, such as Facebook, Twitter, Instagram, YouTube and others


Cookie preferences and settings may vary depending on device, operating system, and Internet browser you are using.


For more information visit and


Data on your IP address is collected primarily for security and technical reasons, but also for the purposes of statistics and analysis, as well as improvement of quality of the services we provide.


Our website uses Google Analytics to track data on visits. Data is collected through third-party cookies and IP addresses. Google Analytics keeps the data permanently, but the user can delete or withhold such data.


For more information visit


For general information about how Google uses the data collected from our website, visit




Your personal data shall not be kept longer than it is necessary to fulfill or achieve the purpose for which they were collected. Normally, personal data of the contracting parties is kept permanently, while personal data of the persons subscribed to the (newsletter) – is kept until the withdrawal of consent or until the person unsubscribes from the list of recipients; personal data of persons who have contacted us for some reason is kept throughout the course of communication, etc.


When your personal data is no longer necessary or the basis of their processing expires, we delete such data from our system, i.e. we destroy documents which contain such data, depending on the case.


Above provisions of this Article shall not apply if the relevant laws and/or regulations require personal data must be kept longer for a particular purpose or if it is necessary and/or permitted for any other reason.




In terms of security and protection of your personal data, we do our best to apply appropriate technical and organizational measures in order to protect them. Unfortunately, however, no one can guarantee that the transmission or retention, or any other system or measure regarding personal data is 100 % secure.




We send newsletters and marketing messages if you have given us consent to do so, i.e. in line with our legitimate interests of informing you about our products and services. Consent can be withdrawn at any time by contacting us as set out in Article 1 of this statement (”Introduction and Our Contact Details”), or you can simply unsubscribe from the list of recipients using the option “unsubscribe” or “log out” on our website.




According to GDPR, you have certain rights regarding your personal data, as set out below. You can exercise your rights at any time by contacting us as set out in Article 1 of this statement (”Introduction and Our Contact Details”).


Right to access


You have the right to request and obtain confirmation from us as the controller whether your personal data is processed, and if such data is processed, you have the right of access to personal data and information in accordance with Article 15 of GDPR.


Right to rectification


You have the right to request from us as the controller to rectify inaccurate or incomplete personal data concerning you.


Right to erasure


You have the right to request from us as the controller to erase personal data concerning you, and we shall erase personal data without undue delay if one of the conditions referred to in Article 17 (1) of GDPR is met.


The right to erasure of personal data is not an absolute right and does not go beyond our obligations under the applicable laws and regulations. Therefore, in certain situations we will not be able to erase personal data as their processing is necessary to a certain extent.


Right to restriction of processing


You have the right to request from us as the controller to restrict processing of your personal data where one of the following applies:


  1. you contest the accuracy of the personal data, for a period enabling us as the controller to verify the accuracy of the personal data; or
  2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; or
  3. we as the controller no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or
  4. you have objected to processing pending the verification whether our legitimate grounds as the controller override your grounds.


Right to data portability


You have the right to request and receive the personal data concerning you, which you have provided to us as the controller, in a structured, commonly used and machine-readable format, and you have the right to transmit those data to another controller if the conditions referred to in Article 20 (1) of GDPR are met.


Right to object


You have, at any time, on the grounds of your specific situation, the right to object to processing of your personal data based on a legitimate interest, unless the grounds for such processing override the right to protection of personal data.


Right to lodge a complaint with a supervisory authority


We shall process your data in accordance with GDPR, other applicable laws and regulations, and apply organizational and technical measures to protect your personal data.


However, if you believe your personal data is being processed unlawfully, and you believe we cannot work together toward a solution of your situation, you have the right to lodge a complaint with a supervisory authority, i.e. the Croatian Personal Data Protection Agency established in Zagreb, Martićeva 14.


For more information visit the official website




For all of your questions, comments and requests regarding exercising your rights under Article 13 of this statement, please contact us as set out in Article 1 of this statement (”Introduction and Our Contact Details”).


When making the request to exercise any of your rights under Article 13 of this statement, we ask that you clearly specify the subject of your request and which personal data is concerned. Please note that we will need to verify your identity before acting upon your request, on the grounds of our and your security. Therefore, we might contact you regarding your request.


Each request will be taken into consideration, and we will seek to act upon it within a reasonable period. Please keep in mind that certain circumstances may cause a lag in handling your request, for example if we receive a lot of requests in the same period of time.


If you have requested the exercise of a right, such as erasure, or you have withdrawn your consent, we may keep personal data or part of such data we have collected if we are obliged to do so under the laws and obligations or other reasons, for example in order to complete a transaction initiated prior to making the request.




We, as the controller, monitor the situation regarding the protection of personal data and, where necessary, improve the measures for protection and other important issues. Therefore, we reserve the right to periodically amend this statement.


You will be notified on amendments to this statement on our website, where you can find the applicable version of the statement.


Zagreb, 5 September 2018