PRIVACY POLICY

abacus – obrt za intelektualne usluge
Owner: Toni Nogolica
Address: Ilica 73, 10000 Zagreb, Croatia (“Abacus”, “we”, “us”)

This Privacy Policy explains how we collect, use, store, and protect personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable Croatian law.

1. Data Controller

Abacus – obrt za intelektualne usluge is the controller of personal data processed in connection with our translation and related services.

For privacy inquiries or to exercise your rights, please contact:
Email: info@abcs.hr
Address: Ilica 73, 10000 Zagreb, Croatia

2. Categories of Personal Data We Process

We may process the following categories of data, depending on the engagement:

  • Identification and contact data: name, address, email, phone, company name, position.

  • Billing and financial data: invoicing details, tax numbers, bank references appearing on invoices.

  • Content data contained in documents provided for translation or certification: contracts, certificates, judgments, medical reports, academic records, employment documents, or other materials that may include personal data of the client or third parties.

  • Communication and correspondence data: email communications, instructions, feedback.

  • Technical data (limited): metadata associated with email delivery or document transfer necessary for security and recordkeeping.

We do not intentionally collect data beyond what is required to perform our services. However, source materials may contain special categories of personal data (e.g., health, criminal, or family-status information) when translation of such documents is explicitly requested.

3. Purpose and Legal Basis of Processing

We process personal data strictly for lawful purposes:

  • Preparing offers, accepting and performing translation services, (Art. 6(1)(b) – performance of a contract or steps prior to entering a contract);

  • Certified translations and legal obligations (recordkeeping, tax, interpreter regulations) (Art. 6(1)(c) – compliance with legal obligations);

  • Managing relationships, communications, complaints, revisions (Art. 6(1)(b) and/or Art. 6(1)(f) – legitimate interest in providing quality services);

  • Accounting, invoicing, and financial administration (Art. 6(1)(c);

  • Protection of our legal rights and fraud prevention (Art. 6(1)(f) – legitimate interest);

  • Marketing to existing clients (limited, professional and relevant only) (Art. 6(1)(f), with opt-out rights);

  • Processing special categories of data contained in documents (Art. 9(2)(f) (establishment, exercise, or defence of legal claims) or Art. 9(2)(g) (substantial public interest), or where translation is necessary for legal proceedings, and always only to the extent necessary).

We do not use personal data for profiling or automated decision-making.

4. How We Obtain Data

  • Directly from clients when requesting a quotation or service.

  • From counterparties, legal representatives, courts, or institutions when translation relates to their proceedings.

  • From documents and materials provided for translation or certification.

5. Disclosure to Third Parties

We disclose personal data only when necessary and with appropriate safeguards:

  • cooperating translators/interpreters bound by confidentiality,

  • postal/courier services for physical delivery of translations,

  • accounting and bookkeeping service providers,

  • IT/cloud storage providers (restricted and secure),

  • courts, authorities, or other institutions when legally required,

  • legal advisors where necessary to protect our rights.

We do not sell personal data.

6. International Transfers

As a rule, data are processed within the European Economic Area. If transfer outside the EEA is required (e.g., client located abroad, cross-border delivery tools), we rely on GDPR-compliant safeguards such as EU Standard Contractual Clauses or equivalent mechanisms and inform the client where appropriate.

7. Retention Periods

We retain data only as long as necessary for the purpose collected:

  • contractual and service records: generally 5–10 years (depending on statutory limitation and accounting rules),

  • accounting documents: retention as required by tax law,

  • certified translation records where legally required: as prescribed by interpreter regulations,

  • correspondence: retained as long as required to manage the engagement and possible claims.

After expiry of applicable retention periods, data are securely deleted or anonymized.

8. Security Measures

We implement technical and organizational measures appropriate to the risk, including controlled access, encryption where feasible, confidentiality undertakings, secure backups, and minimization of data processed. Only personnel who need access for legitimate purposes may process personal data.

9. Your Rights under GDPR

Subject to conditions and legal limitations, you have the right to:

  • Access your personal data and obtain a copy.

  • Rectify inaccurate or incomplete data.

  • Erase data (“right to be forgotten”) where applicable.

  • Restrict processing in certain circumstances.

  • Object to processing based on legitimate interests or direct marketing.

  • Data portability where processing is based on consent or contract and carried out by automated means.

  • Withdraw consent at any time (where processing relies on consent), without affecting prior lawful processing.

Requests can be submitted using the contact details provided above. We may require verification of identity.

10. Complaints

If you believe your rights have been violated, you may contact us first so we can address your concerns.

You also have the right to lodge a complaint with the competent supervisory authority:

Croatian Personal Data Protection Agency (AZOP): www.azop.hr

11. Cookies and Website Use

Only strictly necessary cookies are used unless otherwise stated. Any additional cookies (analytics, marketing) will be deployed only with consent and explained in a separate cookie notice.

12. Changes to this Policy

We may update this Privacy Policy from time to time. The current version will always be available upon request and will apply from the date of publication.

13. Contact

Questions, requests, or complaints regarding personal data protection may be addressed to:
abacus – obrt za intelektualne usluge
Ilica 73, 10000 Zagreb, Croatia
Email: info@abcs.hr