10. 09. 2022.

Privacy Policy

Who are we

The leading service providers in the field of information security for companies, institutions, and other organisations, irrespective of their size and industry. We exist since 2007 and our registered seat is in Zagreb.

We are Diverto d.o.o. (hereinafter: We or Diverto or the Data Controller) and pursuant to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), which entered into force on 25 May 2018.

With this Privacy Policy, we confirm that your security and privacy during the visit to our websites comes first. We do not intend and shall not share your personal data collected through this website with third parties without your knowledge.

Why do we collect personal data

As the Data Controller, we are obliged to inform you about the reasons why we collect personal data. By visiting our websites and voluntarily providing your e-mail address, we are able to contact you.

Considering the above-mentioned and the possibility of sending your personal data to us by e-mail, we list some of the possible situations and processing purposes below:

  • 1. Inquiries regarding the services we offer

    When contacting Diverto and asking for information regarding the services, your data (name and surname, address, e-mail address and possible telephone number) can be used based on the legitimate interest of Diverto to develop the relationship further and possible conclusion of a service contract. The data shall be kept for 2 years in case a contract is not concluded or 11 years from the last executed transaction under the contract.

  • 2. Inquiries regarding business cooperation

    When contacting Diverto and asking for information regarding the services, your contact data (name and surname, address, e-mail address and possible telephone number), as well as the description of the desired cooperation shall be for the purpose of carrying out pre-contractual actions and concluding a contract, for the purpose of developing the relationship further and possible conclusion of a business cooperation contract. The data shall be kept for 2 years in case a contract is not concluded or 11 years from the last executed transaction under the contract.

  • 3. Employment requests

    Diverto collects data about job candidates solely based on open recruitment competitions which it publishes through verified partners (MojPosao). Either way, if you decide to contact us and you want to work for us and with us, your contact data (name and surname, address, e-mail address and telephone number, as well as the attached CV) can, based on the legitimate interest and later legal obligations, be used for the purpose of the employment procedure. The data shall be kept for 6 months in case the employment relationship is not concluded or if it is, pursuant to the provisions of the Labour Act.

  • 4. Subscriptions to new blogs

    In accordance with the consent you provide, we use your e-mail address to send notifications about new blogs and possible notifications regarding the services connected to the content of the blogs. You can cancel the subscription to the notifications at any moment by sending an e-mail. The data shall be kept until the consent is withdrawn.

  • 5. Subscriptions to new periodical reports on the state of the information security

    In accordance with the consent you provide when subscribing, we use your e-mail address to send notifications about new reports. You can cancel the subscription to the notifications at any moment by sending an e-mail. The data shall be kept until the consent is withdrawn.

  • 6. General inquiries

    After receiving a general inquiry, we shall first determine the nature of the inquiry and if it contains personal data, we shall process it in accordance with this Policy. The data shall be kept for 6 months.

Cookies and analytics

Diverto does not use cookies or third-party analytical tools and does not monitor the behaviour of users who visit the websites.

Contacts through social networks

Diverto is active on social networks and you can contact us through those networks. If you decide to contact us through social networks, we shall determine the nature of your inquiry and if it contains personal data, we shall treat them in accordance with this Policy.

Social networks:

Where do we keep personal data?

Your personal data is safe with us. The personal data that we collect is kept solely in our internal company infrastructure which is protected from unauthorised access, modification, or destruction of data in appropriate ways. Our internal infrastructure is constantly monitored by our colleagues who specialise in the field of network activity monitoring and incident response.

Who can access your personal data?

Your personal data can be accessed solely by authorised Diverto employees or other recipients solely according to a legal obligation/substantiated request of the authorised public body. Your personal data is not exchanged outside the borders of the European Union.
The data about your e-mail addresses collected for the purposes of subscribing to our new contents is forwarded to our partners (Mailchimp) who act as the Data Processor and safeguard your data in accordance with the data processing agreement.
Your data will not be kept longer than necessary nor longer than it is stated in the chapter “Why do we collect data”.

How do we protect your personal data?

Information security is the basis of our business and we undertake appropriate technical and organisational measures in order to minimise the danger of unauthorised or illegal disclosure, access, accidental or illegal loss, destruction, modification or damage of your personal data. Our integrated information security and quality management system has been certified by independent assessors and guarantees additional security of your personal data.
All authorised personal data recipients access personal data in accordance with the roles, the responsibility and allocated authorisation which is assigned to those roles. The access is monitored on a regular basis and the rights are adjusted according to checks.
Our employees constantly improve their knowledge in the field of information security, as well as in the field of personal data protection. Numerous certificates of our employees from all main areas of information security and cybersecurity are proof of that.

Your personal data - your rights

Depending on the purpose of the processing of personal data, you have the following rights regarding personal data, pursuant to the personal data protection legislation in force:

  • the right to be informed about the processing of your personal data,
  • the right to access your personal data,
  • the right to rectify your personal data,
  • the right to delete your personal data which does not need to be permanently stored in accordance with legal obligations of Diverto as Data Controller,
  • the right to limit the processing of your personal data in accordance with legal obligations of Diverto as Data Controller,
  • the right to submit a complaint to us or to the supervisory authority (Croatian Personal Data Protection Agency).

How can you contact us?

You can contact us at any moment if you wish to access the personal data which we collect about you or if you wish to exercise your rights. You have the right to submit a complaint to us and to the competent data protection supervisory authority if you consider that we are doing something wrong.
Requests, complaints or inquiries which are related to the processing and protection of personal data can be sent to the e-mail address zop@diverto.hr
When contacting and submitting requests in accordance with the mentioned rights, we shall make reasonable efforts to determine your identity and prevent unauthorised processing of personal data. Every request/inquiry you submit shall be resolved as soon as possible, but no later than 30 days from the date of receipt.

Personal Data Processing Controller: