Privacy Policy

1. Introductory Provisions
Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Official Journal of the European Union L 119, 4.5.2016., hereinafter: the “General Regulation”), the company Futura Premium Estate d.o.o., with its registered seat in Zagreb, Ulica Gornji Bukovac 107, OIB: 77664021775 (hereinafter: the Data Controller), has adopted this Privacy Policy in order to inform the clients of the Data Controller (hereinafter: the “Client”) about their rights regarding the collection and further processing of personal data and for the purpose of protecting their privacy.

2. Definitions
“Personal data” means any information relating to a Client whose identity is established or can be established (“data subject”);

“Data subject” is an individual whose identity can be determined directly or indirectly, in particular by reference to identifiers such as: name, identification number, location data, online identifier, or by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual;

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated or non-automated means such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

“Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure

“Recipient” means a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not;

“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

“Third party” means a natural or legal person, public authority, agency or body other than the data subject, the Data Controller, the Data Processor or persons authorised to process personal data under the direct authority of the Data Controller or Data Processor;

“Data Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller;

“Client” means any natural or legal person with whom the Data Controller concludes or enters into negotiations for concluding a Brokerage Agreement or who contacts the Data Controller with any other inquiry or request related to the business activities of the Data Controller.

“Brokerage Agreement” means any agreement by which the Data Controller undertakes to bring into contact with the Client a person who would negotiate with the Client for the conclusion of a specific contract, and the Client undertakes to pay a certain commission if the contract is concluded.

3. Principles of Personal Data Processing
The Data Controller adopts the following principles which it adheres to when processing personal data:

Principle of lawfulness, fairness and transparency – any processing of personal data must be based on a specific legal basis, and individuals must be informed about the processing and its purposes; the Data Controller is obliged to provide the data subject with all additional information necessary to ensure fair and transparent processing, taking into account the specific circumstances and context of processing;

Purpose limitation principle – personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes is permitted;

Data minimisation principle – personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

Accuracy principle – personal data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that inaccurate personal data are erased or rectified without delay;

Storage limitation principle – personal data must be kept in a form which permits identification of data subjects only for as long as necessary for the purposes for which the data are processed; longer storage periods are permitted solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, subject to appropriate safeguards;

Integrity and confidentiality principle – personal data must be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage;

Accountability principle – the Data Controller is responsible for compliance with the above principles and must be able to demonstrate such compliance.

4. Personal Data Collected and Purpose of Processing
Personal data of the Data Controller’s Clients include: name and surname, residential address, personal identification number (OIB), date of birth, citizenship, and other personal data necessary for fulfilling the obligations of the Data Controller in executing the Brokerage Agreement concluded with the Client or data provided by the Client through questionnaires available on the Data Controller’s website.
The purpose of processing such personal data is to fulfil the rights and obligations arising from the Brokerage Agreement or from inquiries submitted by the Client via the Data Controller’s website.

5. Legal Basis for Processing Personal Data
Personal data referred to in section 4 – processing is necessary for the performance of the Brokerage Agreement to which the data subject is a party / processing is necessary for responding to a Client’s inquiry.

In all other cases, the Data Controller will request the data subject’s consent for collecting and processing personal data, with the purpose of processing clearly stated. The data subject may withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

6. Recipients of Personal Data and Data Processors
If required by the purpose of processing or by legal obligation, the Data Controller may disclose (transfer) personal data to other natural or legal persons, public authorities, agencies or other bodies. In all other cases, the Data Controller does not disclose personal data to third parties.

For full transparency, below is a list of categories of recipients of personal data:

  • external accounting service providers with whom the Data Controller has concluded a written agreement in accordance with the General Regulation;
  • tax authorities;
  • Anti-Money Laundering Office;
  • inspection authorities;
  • courts;
  • the bank where the Client holds an account;
  • business partners where necessary for regular business operations;
  • other public authorities where required by law.

7. Personal Data Protection Measures
The Data Controller implements the following technical and organisational measures:

  • Personal data are stored in written (paper) and electronic form.
  • Paper data are kept in locked cabinets or secured premises accessible only to authorised persons.
  • Electronic data are stored using secure methods (passwords, access rights, and other safeguards).
  • Persons responsible for processing must take appropriate technical, personnel and organisational measures to prevent loss, destruction, unauthorised access, alteration or misuse.
  • Paper data are destroyed by shredding or other secure methods or returned to the data subject.
  • Electronic data are permanently deleted from all storage media.

8. Records of Personal Data
The Data Controller maintains records of personal data collections including:

  • name and address of the controller;
  • name of the data set;
  • purpose of processing;
  • processing periods;
  • method of data collection;
  • legal basis;
  • recipients;
  • protection measures;
  • retention period.

9. Retention Period
Personal data are stored for as long as necessary depending on the purpose or legal obligations. Data are deleted without delay once the purpose is fulfilled.

Where legal obligations apply (e.g. accounting or tax laws), data are retained in accordance with applicable regulations.

10. Rights of the Data Subject
The Data Controller ensures the following rights:

A. Right of access;
B. Right to rectification;
C. Right to erasure (“right to be forgotten”);
D. Right to restriction;
E. Right to data portability;
F. Right to object.

The data subject also has the right to lodge a complaint with the competent authority (Croatian Personal Data Protection Agency).

(Detailed rights remain structurally identical and are preserved as in the original text.)

11. Contact Information
For all questions:

Futura Premium Estate d.o.o.
Grad Zagreb, Ulica Gornji Bukovac 107
e-mail: goran@futura-premium.hr

12. Final Provisions
This Privacy Policy is published on the Data Controller’s website and enters into force on the date of publication.

Any amendments will be published in the same manner. Clients are advised to regularly review the Policy to stay informed about their rights and obligations.