Privacy policy

Privacy policy Processing manager Fulfillment of the contract Who do we share your data with?Automated processing

PURPOSE OF THE NOTICE

The purpose of this Personal Data Processing Notice is to inform you about how we protect the privacy of data subjects’ personal information and the ways in which we collect and process data about business entities. Please read this notice carefully. 

We are aware that some of the business entity data we process may also constitute personal data, as it relates to an individual. Therefore, below we provide detailed information about the processing of personal data.

CompanyWall d.o.o. Zagreb, Ulica Divka Budaka 1D, OIB: 93441573210, MBS: 080838598, registered in the Court Register of the Commercial Court in Zagreb (hereinafter: CompanyWall or the controller)

Data Protection Officer

COMPANYWALL has appointed the following Data Protection Officer: Matjaž Šiška. For any questions concerning the processing of your data and the exercise of rights under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR) – OJ EU L119, in force since 25/05/2018, you may contact the Data Protection Officer as follows:
• by post to: COMPANYWALL d.o.o., Zagreb, Ulica Divka Budaka 1D, for the attention of the Data Protection Officer
• by e-mail to: gdpr@companywall.hr.

Data we process

As the controller, COMPANYWALL d.o.o. processes the following data of natural persons who are business entities (owners or holders of a craft, liberal profession, family agricultural holding, or another form of business activity, hereinafter collectively: craft or data subjects):

  • First and last name
  • Address and registered office
  • E-mail address
  • Telephone number
  • OIB (personal identification number)
  • Role/function (holder, authorised representative, owner)
  • Registration number (Crafts Register, chamber of which the data subject is a member, RPO, Family Farm Register)
  • Business entity number (Croatian Bureau of Statistics)
  • Business bank account number (TRR)
  • Information on TRR blockage
  • Information on dormancy, bankruptcy and liquidation (public court decisions)
  • Information on cessation of the craft and deletion from the relevant register

Legal bases for processing

Regulations

In processing data, COMPANYWALL primarily applies the following regulations:

Regulations:

  • General Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR) – OJ EU L119, in force since 25/05/2018.
  • Act on the Implementation of the General Data Protection Regulation (Official Gazette Nos. 42/18)
  • Act on the Right of Access to Information (Official Gazette Nos. 25/13, 85/15, 69/22)
  • Crafts Act (Official Gazette Nos. 143/13, 127/19, 41/20)
  • Electronic Commerce Act (Official Gazette Nos. 173/03, 67/08, 36/09, 130/11, 30/14, 32/19, 67/2025)
  • Act on the Enforcement on Monetary Funds (Official Gazette Nos. 68/18, 02/20, 46/20, 47/20)
  • Court Register Act (Official Gazette Nos. 95, 57/96, 1/98, 30/99, 45/99, 54/05, 40/07, 91/10, 90/11, 148/13, 93/14, 110/15, 40/19, 34/22, 123/23)
  • Personal Identification Number Act (Official Gazette No. 60/08)
  • Labour Act (Official Gazette Nos. 93/14, 127/17, 98/19, 151/22, 46/23, 64/23)
  • Ordinance on the Single Register of Accounts (Official Gazette No. 53/20)
  • Ordinance on the Method of Entry in the Court Register (Official Gazette No. 121/19)

The above regulations may be amended over time, in which case processing is based on the applicable amendments and supplements.

CompanyWall carries out its service activities by concluding service agreements with clients (service users) and on the basis of its general terms and conditions. As part of the services, information on the operations of business entities is provided on the CompanyWall portal.

Consent

CompanyWall d.o.o. processes the personal data of users of its services on the basis of their consent given when registering in the CompanyWall system.

Legitimate interest

CompanyWall assesses whether it has a legitimate interest in processing personal data where processing is not based on another legal ground. Such processing is based on the interest in providing users of the service, as well as the wider public, with transparent, complete and accurate information about the operations of business entities on the market so that individuals can make informed business decisions, including the prevention of business fraud, and safeguard business security. In doing so, we carefully assess, among other things, whether the data subject could reasonably expect, at the time and in the context of the collection of personal data, that the data would be processed for the relevant purpose. The controller has documented and examined the legitimate interest for the processing in the document “Legitimate Interest Balancing Test”.

Purpose of processing

CompanyWall collects, processes and uses personal data for the purpose of performing its registered activities, complying with legal obligations, and fulfilling the rights and obligations that CompanyWall is required to meet under concluded contracts.

Retention periods

The personal data collected are stored for as long as the purpose for which they were collected persists. The retention periods for personal data depend on the purpose for which such data are processed, legal requirements and business needs, and are precisely defined in the Personal Data Processing Policy, which is available on the CompanyWall portal and upon request by the data subject. The criteria used to determine the applicable retention period for the personal data listed in this Notice are that:

  • retention is necessary to achieve the relevant purpose, 
  • retention is required to maintain the business relationship with the data subject, 
  • retention is based on the data subject’s consent; and/or 
  • retention is determined by applicable statutory retention provisions.
     

Personal data related to the operations of sole traders are available to users of our services and to the wider public accessing our business portal https://www.companywall.hr/.
Our users are:

  • Business entities (companies, crafts/sole traders, and other entrepreneurs)
  • State authorities, public institutions, public agencies, public funds, and other public-law entities
  • Users, based on their explicit request, where an appropriate legal basis exists

We may share the personal data of our employees and other business partners who are natural persons with:

  • Our contracted partners (processors, accounting service, lawyers, and providers maintaining the CompanyWall portal)
  • The Tax Administration, compulsory insurance institutions, banks, and other public bodies when necessary to exercise the data subject’s rights, obligations, or interests

Transfers to third countries

We may transfer personal data to our contracted processor established in the United Kingdom of Great Britain and Northern Ireland, for which the European Commission has issued an adequacy decision regarding the level of personal data protection.

Sources of data collection

We collect personal data:

  • Directly from data subjects, upon registration in the CompanyWall portal system for the purpose of using the services, or by providing data in another manner (via e-mail or other means)
  • From public registers (telephone directories, websites, publications of commercial courts, the crafts register, the register of associations, the register of political parties, the register of public institutions, social networks)
  • From business contracts with public service providers (FINA)

Rights of data subjects

Data subjects have the following rights regarding the processing of their personal data:

  • Right of access;
    We enable you to access the data we process about you. This means you can contact us and we will provide a copy of which of your personal data we process and for what purpose.

  • Right to object;
    You may object to certain uses of personal data if the data are processed for purposes not necessary for performing our services or for fulfilling a legal obligation. You may also object to further processing after having previously given consent. If you object to further processing, this may limit your ability to use our services.

  • Right to restriction of processing;
    You have the right to request that we no longer process your personal data for certain purposes. In that case, we will not use the personal data in future for the purposes covered by your restriction.

  • Right to data portability;
    You have the right to have data relating to you sent to you in a structured, commonly used and machine-readable format so that you can transmit them to another controller. Please note this applies only to data we received directly from you.

  • Right to rectification;
    The individual to whom the personal data relate has the right to request that we rectify inaccurate or incomplete data we process about them without undue delay. If we obtain personal data from publicly available registers, please first contact the relevant authority directly to correct your data.

  • Right to erasure;
    You have the right to request the deletion of your personal data from our databases. We will comply with your request unless we establish that we have a legal basis for processing your personal data.

  • Right to lodge a complaint with the competent authority;
    If the data subject believes that the processing of data violates applicable law, they may also contact directly the authority competent for data protection (Croatian Personal Data Protection Agency) or the competent court.

  • Right to withdraw consent
    All personal data collected on the basis of consent will be deleted if the data subject withdraws consent, which may be done at any time. Withdrawal of consent means that CompanyWall will no longer process those data for the stated purposes. If the data subject wishes to withdraw consent for the processing of personal data, they may contact the authorised person at CompanyWall via: gdpr@companywall.hr.

On the Companywall.hr portal, we use automated data processing when retrieving data from public registers or other previously mentioned sources, as well as when displaying such data in an aggregated form on the CompanyWall portal. Part of our services also includes the creation of credit rating reports containing graphical representations of numerical data or automated classification of data for clarity and accessibility. This type of processing does not alter the content of the data. We do not make decisions that produce legal effects on data subjects.

For more detailed explanations of all parts of this Notice, as well as other aspects and circumstances of personal data processing, please refer to our Personal Data Processing Policy and other published documents.