Updated in 2024

Pravilnik o zasebnosti

Who are we

Leading providers of information and cybersecurity services. Established in 2007, based in Zagreb.

Diverto d.o.o. (hereinafter: Diverto or we or Data Controller) in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR), which came into effect on 25 May 2018, is a Data Controller.

With this Privacy Policy, we confirm that your security and privacy when visiting our websites are our top priority. This Privacy Policy explains how Diverto collects, uses, and manages your personal data that are found on the website and are available to Diverto through the use of the website: www.diverto.hr and the subpage www.uskladenost.diverto.hr.

Why do we collect personal data

As the Data Controller, we want to inform you about the reason for collecting personal data. When you visit our sites and voluntarily provide your email address, you enable us to contact you. Given the aforementioned and the possibility that you can send us your personal data via email, we list some of the possible situations and purposes of processing:

  • 1. Inquiries regarding the services we offer

    When contacting Diverto and requesting information about services, your data (name and email address) may be used based on the legitimate interest of Diverto for further relationship development and potentially concluding a service contract. The data are kept for 2 years if a contract is not achieved, or 11 years from the last contractual transaction.

  • 2. Inquiries about business cooperation

    When contacting Diverto and requesting information about services, your contact details (name and email address) as well as a description of the desired cooperation will be used based on the legitimate interest for the purposes of conducting pre-contractual actions and concluding a contract, for further relationship development and potentially achieving a business cooperation agreement. The data are kept for 2 years if a contract is not achieved, or 11 years from the last contractual transaction.

  • 3. Job application requests

    Diverto collects data about job candidates solely based on open job postings published through verified partners (e.g., MojPosao). However, if you decide to contact us and want to work for and with us, your contact details (name, email address, and attached resume) can be used based on the legal basis of processing which is necessary for the execution of a contract in which you are a party and subsequent legal obligations for the purposes of the recruitment process. The data are kept for 6 months if employment is not established or according to the provisions of the Labor Law, in case of employment.

  • 4. Subscriptions to new blogs

    In accordance with the consent you provide, we use your email address to send notifications about new blog posts and possible notices about services related to the content of the blogs. You can cancel your subscription to the content at any time by clicking on the link within the email message. The data are retained until the withdrawal of consent.

  • 5. Subscriptions to new promotional-educational content about information/cybersecurity

    In accordance with the consent you provide when subscribing, we use your email address to send notifications about new reports, educational materials, and materials that promote our services. Depending on how you disclose your data to us, in addition to your name and email address, you may also provide other contact details (name, company name, industry, phone number, company size). Such data are only used to help create new personalized content for you and are not a mandatory condition for subscription. You can cancel your subscription to the content at any time by clicking on the link within the email message.

  • 6. General inquiries

    Upon receiving a general inquiry, we will first determine the nature of the inquiry and, if the inquiry contains personal data, we will process it in accordance with this policy. The data are kept for 6 months

Cookies and Analytics

The website www.diverto.hr does not use cookies or third-party analytical tools and does not track user behavior when visiting the website. When visiting the subpage www.uskladenost.diverto.hr, cookies are used, and you are notified about their use upon accessing the subpage.

During visits to the page www.uskladenost.diverto.hr, Diverto tracks basic information using analytical tools based on user consent, with the aim of monitoring user activity on the mentioned website and for the purpose of improving products and services exclusively for users who have given explicit consent for previously defined activities on that page.

To ensure the proper functioning of the website www.uskladenost.diverto.hr, to monitor user experience, and to improve content, this site uses cookies, small files that the web browser stores on your computer, mobile device, or other device with which you visit the website.

Cookies typically store user settings for a website to enhance the user experience and provide a display customized based on the user's settings.

With explicit user consent, cookies can also store a range of data that may include direct personal data of the user such as name, surname, and email address. The website cannot access data that the user has not consented to, nor any other data stored on the computer, mobile device, or any other user device.

There are several different categories of cookies, and they are classified based on duration, the source of cookies, and function.

According to duration, cookies can be:

Persistent Cookies - cookies that remain stored on your computer, mobile device, or other devices even after closing the website or web browser.
Session Cookies - cookies that are removed from your computer, mobile device, or other devices after closing the website or web browser.

Based on the source, cookies can be:

First-party cookies - cookies stored by the original website that the user visits.
Third-party cookies - cookies stored by other websites or web services that are parts of the original website that the user visits. They are commonly used to track user behavior on the original website or to enhance the user experience.

Based on function, there are several types of cookies, the most common being:

Technical/necessary cookies - cookies essential for the functionality of the website and its fundamental purposes.
Functional cookies - cookies that allow the website to provide enhanced functionality and personalization.
Statistical cookies - cookies that collect information about how users visit the website.
Marketing cookies - cookies that collect information about users' habits and behavior on the website with the aim of personalizing advertisements.

Does www.uskladenost.diverto.hr use cookies?
Yes, to provide users with the best possible experience and to improve the content displayed on the website.

What cookies does www.uskladenost.diverto.hr use and why?
The subpage www.uskladenost.diverto.hr uses temporary functional and statistical first-party cookies and necessary technical/essential cookies.
For additional information on cookie management options, you can visit the official pages of the web browser you are using.

Who can access your personal data?

Only authorized employees of Diverto, our partners who act as data processors and who keep your data in accordance with the data processing agreement, or other recipients based on legal obligations/justified requests from authorized public authorities can access your personal data.

We do not retain your data longer than necessary, as specified in the section "Why do we collect personal data?"

Social media:

Where do we store personal data?

Your personal data is safe with us. The personal data we collect are stored exclusively on the company's internal infrastructure, which is appropriately protected from unauthorized access, modification, or destruction of data. Our internal infrastructure is under constant supervision by our colleagues specialized in network activity monitoring and incident response.

How do we protect your personal data?

Information security is fundamental to our business, and we take appropriate technical and organizational measures to minimize the risk of unauthorized or unlawful disclosure, access, accidental or unlawful loss, destruction, alteration, or damage to your personal data. Our integrated quality and information security management system is certified by independent assessors and further guarantees the security of your personal data.

All authorized recipients of personal data access the data in accordance with their roles and responsibilities and the authorities assigned to those roles. Access is regularly monitored, and rights are adjusted according to checks.
Our employees continuously enhance their knowledge in the field of information security, including personal data protection. This is evidenced by numerous certificates our employees hold in all major areas of information and cybersecurity.

Your personal data - your rights

Depending on the purpose of processing personal data, you have the following rights over your personal data in accordance with applicable data protection regulations:

  • the right to be informed about the processing of your personal data,
  • the right to access your personal data,
  • the right to rectify your personal data,
  • the right to delete your personal data which does not need to be permanently stored in accordance with legal obligations of Diverto as Data Controller,
  • the right to limit the processing of your personal data in accordance with legal obligations of Diverto as Data Controller,
  • the right to submit a complaint to us or to the supervisory authority (Croatian Personal Data Protection Agency).

How can you contact us?

You can contact us at any moment if you wish to access the personal data which we collect about you or if you wish to exercise your rights. You have the right to submit a complaint to us and to the competent data protection supervisory authority if you consider that we are doing something wrong.
Requests, complaints or inquiries which are related to the processing and protection of personal data can be sent to the e-mail address zop@diverto.hr.

When contacting and submitting requests in accordance with the mentioned rights, we shall make reasonable efforts to determine your identity and prevent unauthorised processing of personal data. Every request/inquiry you submit shall be resolved as soon as possible, but no later than 30 days from the date of receipt.

Personal Data Processing Controller: