Privacy policy

Personal Data Controller:
Croatian Insurance Bureau
Martićeva 71, 10000 Zagreb
dpo@huo.hr

 

The Croatian Insurance Bureau (hereinafter referred to as "HUO" or "Bureau") is the national insurance office in the Republic of Croatia, a non-profit legal entity representing insurance companies in legal transactions with third parties.

HUO is a legal entity with public authority as defined by the General Data Protection Regulation (GDPR) and the Act on the Implementation of the General Data Protection Regulation (Official Gazette 42/18).

The Bureau's activities are determined by the Insurance Act (Official Gazette 30/15, 112/18, 63/20, 133/20, 151/22), the Compulsory Traffic Insurance Act (Official Gazette 151/05, 36/09, 75/09, 76/13, 152/14, 155/23), and other regulations.

The duties of HUO as a public authority include:

Duties prescribed by Article 353, Paragraph 1 of the Insurance Act:

  • Duties as the national insurance office and other duties set out in international agreements regarding vehicle owners' liability insurance for damages caused to third parties;
  • Management of the Guarantee Fund;
  • Operations of the Compensation Bureau;
  • Operations of the Information Center;
  • Insurance statistics;
  • Handling complaints from policyholders or injured parties;
  • Out-of-court resolution of disputes between policyholders or insurance contract holders, or consumers and insurance companies or insurance service providers, involving decisions on the rights and obligations of legal and natural persons.

 

Duties prescribed by Article 52 of the Compulsory Traffic Insurance Act:

  • Managing the Information Center, including maintaining a prescribed register containing data on: i) License plates; (ii) Types, brands, models, and chassis numbers of vehicles registered in the Republic of Croatia; (iii) Insurance policy numbers for these vehicles; (iv) Other prescribed data.


In exercising its public authority and performing the above-mentioned duties, HUO collects and processes personal data.

 

1. PURPOSE OF PROCESSING PERSONAL DATA

Below are the personal data processing activities carried out by HUO based on Article 6(1)(e) of the GDPR (processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller). These processing activities fall under HUO’s public authority.

 

1.1. Information Center Operations

The Information Center operated by HUO is established under the Compulsory Traffic Insurance Act to enable injured parties to claim compensation for damages resulting from traffic accidents involving vehicles.

The Information Center collects and maintains a register containing the following personal data:

  • Vehicle registration number, type, brand, model, chassis number, and owner;
  • Motor vehicle liability insurance policy number;
  • Name, surname, date of birth, personal identification number (OIB), residence, and domicile of the insured, beneficiaries, and policyholders;
  • Date of insurance coverage termination or expiry.

 

The above personal data and other information are regularly submitted to the Bureau by insurance companies and the Ministry of Internal Affairs, based on obligations under the Compulsory Motor Insurance Act.

In accordance with the Compulsory Motor Insurance Act, data from the Information Centre's register is kept for at least 7 years from the deregistration of the vehicle registration or the expiry of the policy.

Exceptionally, data is kept for longer, given justified business needs. The reason for keeping this data for a longer period is legally and commercially justified and arises from the need to (re)activate a particular claim/court file/case in the future, and the necessary insight into the existence of insurance coverage, sometimes with a significant delay from the day the coverage was active, for example, (i) in the event of a deterioration in the health condition of the injured party/damager resulting in new court and/or other proceedings and the need to access insurance coverage), (ii) an increase in the annuity because, for example, injured parties may submit multiple claims over decades, thus requiring access to insurance coverage, and (iii) other justified business reasons).
Taking into account the interests of injured parties, HUO permanently stores this data.

 

1.2. Handling of Compensation Claims

To assist in resolving compensation claims filed with HUO and its members (insurance companies), HUO collects information on the claims submitted. These processing activities fall under HUO’s public authority.

HUO also receives information on traffic accidents from the Ministry of the Internal Affairs under the Compulsory Motor Insurance Act.

Documentation collected and processed for these purposes may include, in addition to the data listed in Section 1.1, the following personal data:

  • Information on injured parties, participants, and witnesses in traffic accidents;
  • Descriptions of damages, injuries, and health conditions;
  • Medical records, expert reports, and other health-related data used to assess the severity of the incident's consequences;
  • Information on birth, death, marital status, and property ownership;
  • Bank account details for compensation payments;
  • Identification card or passport number, Green Card number, email address, or phone number of the insured or injured person.

 

Data for compensation claims is stored for 5 years from the claim resolution date, or 15 years if the case involved legal proceedings.

 

1.3. Frontier Motor Vehicle Liability Insurance

In cooperation with its members (insurance companies), the Bureau organizes the contracting of frontier insurance policies against motor vehicle liability. A frontier insurance policy can be contracted at certain road and sea border crossings upon entering the territory of the Republic of Croatia and online on the Office's website.

For this purpose, the Bureau keeps records of issued insurance policies, which contain the following personal data:

  • Frontier insurance policy number;
  • Name and surname, date of birth, personal identification number, residence and place of residence of the insured, or of the policyholder if different from the insured.
  • Proof of ownership of the vehicle ((photo of driving license and vehicle) if the policy is contracted online.

 

Records of issued frontier insurance policies against motor vehicle liability at border crossings are kept for 5 years from the termination of the insurance contract. These processing procedures fall under Bureau's public authority. The documentation proving the ownership of the vehicle is kept for a maximum of 1 year, i.e. until the frontier insurance policy expires.

 

1.4. Handling Policyholder Complaints

The Bureau also deals with the handling of complaints of insured persons, that is, injured persons, related to the work and actions of insurance companies.

The Bureau also performs the tasks of out-of-court settlement of disputes between the insured / insurance policyholder, i.e. the consumer and the insurance company, as well as the provider of insurance services through arbitration, mediation and the tasks of the Ombudsman institution in the field of insurance.

For these purposes, the personal data of the insured / contractor, i.e. consumers, which are necessary for the resolution of complaints and disputes, i.e. for mediation procedures, are collected. or defense of legal claims. This includes medical records and other special categories of personal data, where applicable, or necessary for the establishment, exercise or defence of legal claims.

These processing operations fall under HUO's public authority.

Data collected for the purposes of handling complaints, out-of-court dispute resolution and mediation procedures are kept for 5 years from the receipt of the complaint.

 

 

In addition to the personal data processing conducted within the scope of its legal authority, the Bureau also engages in commercial activities and processes personal data for the following purposes:

 

1.5. Organization of Professional Conferences, Seminars, and Training

The Croatian Insurance Bureau (HUO) regularly organizes conferences, professional seminars, and training sessions in the field of insurance. For these purposes, data on participants (name, surname, contact details, payment information, certificates of participation) are collected. This data is gathered as part of pre-contractual activities or based on the contractual relationship between the Office and the training participants.

The data of participants who have attended and paid for the conference, seminar, or training are considered accounting documents and are retained for 11 years in accordance with the Accounting Act (NN 85/24).

Based on its legitimate interest, HUO also takes photographs and video recordings of certain events, and all participants are always informed in advance.

 

1.6. Notifications on News and Other Useful Information (Newsletter)

Participants of professional conferences, seminars, and training, as well as other individuals who have expressed interest in Bureau’s activities, regularly receive updates on news and developments in the insurance sector, as well as announcements of future events organized by the Bureau. For these purposes, contact information, particularly email addresses, are used.

HUO carries out this data processing based on legitimate interest. The data is retained until unsubscribed, which can be done in each newsletter received.

 

1.7. Recruitment and Selection Process

For the purpose of conducting recruitment processes for vacant positions, HUO collects data on candidates (name and surname, contact information, place of residence, education details, previous work experience, and other information provided in the CV). In this case, the legal basis for processing personal data of candidates is the undertaking of pre-contractual activities (employment contract) at the request of the data subject.

The data collected for these purposes are retained until the recruitment process is concluded, but no longer than 3 months. Open applications received are kept by HUO for up to 12 months or until the candidate withdraws their consent.

 

2. RECIPIENTS OF PERSONAL DATA

In certain business processes, for example for IT support and accounting, HUO uses the services of reliable partners (processors). Processors, when necessary, process personal data, on behalf of and at the direction of the Office, while ensuring appropriate technical and organizational measures for the protection of personal data.

In the context of official investigations, supervisory procedures, regulatory reporting and other official powers and actions of public authorities, HUO provides personal data to the Ministry of the Interior and the Croatian Financial Supervisory Authority (HANFA), as well as to other authorised public authorities on the basis of an official request, i.e. a legal obligation.

The HUO, as a national insurance office, is a member of the 'Green Card System' of the 47 national offices of the members of the Council of Bureaux, with its seat in Brussels, whose purpose is to facilitate the international traffic of motor vehicles by providing insurance against liability for damage caused to third parties by their use under the conditions laid down in the country visited and guaranteeing to injured persons that they will be compensated in the event of an accident in accordance with the national law of that country.

The HUO shall, upon request, provide the national offices of the Member States of the European Union or of the third Member States of the Green Card System with information on the area of Croatia where the vehicle is normally based and its registration number, if any, and information on the insurance of the vehicle, if required by the Member State in whose territory the vehicle is normally based. The standard contractual clauses shall apply when data are transmitted for those purposes to third countries that are members of the Green Card Scheme. More information on the standard clauses is available at: SCC.

 

3. RIGHTS OF DATA SUBJECTS

Depending on the legal basis and the processing activities, data subjects may exercise the following rights:

  • Right to information and access to their data;
  • Right to correct inaccurate or incomplete data;
  • Right to request the deletion of data (if no longer legally necessary for processing);
  • Right to object to processing based on HUO's legitimate interest;
  • Right to withdraw consent for data processing (where applicable).

 

4. RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY

Data subjects have the right to file a complaint with the supervisory authority:

Agency for the Protection of Personal Data

Ulica grada Vukovara 54, 10000 Zagreb

azop@azop.hr

 

5. CONTACT DETAILS OF THE DATA PROTECTION OFFICER

HUO has appointed a Data Protection Officer. Data subjects can send any requests, inquiries, or complaints to the following contact details:

Croatian Insurance Bureau

Martićeva 71, 10000 Zagreb

dpo@huo.hr

 

This Privacy Policy was last updated on December 4, 2024.

We use cookies to provide a better user experience and functionality, and to better understand how you use our Website

They enable basic functions such as saving cookie settings and access to secure areas, and without them the site cannot function properly.

Name
Source Type Expiry
_huo

Stores the user's cookie consent state for the current domain
huo.hr HTTP 1 year
PH_HPXY_CHECK

Used to detect and prevent brute force attacks on the website.
huo.hr HTTP Session
PHPSESSID

Preserves user session state across page requests.
huo.hr HTTP Session
rc::a

This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.
huo.hr HTTP Session
rc::c

This cookie is used to distinguish between humans and bots.
huo.hr HTTP Session

They enable us to monitor analytics by counting visits and traffic sources in order to improve the performance of our website.

_ga

Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
huo.hr HTTP 2 years
_ga_#

Used to send data to Google Analytics about the visitor\'s device and behavior. Tracks the visitor across devices and marketing channels.
huo.hr HTTP 2 years
_gat

Used by Google Analytics to throttle request rate
Google HTTP 1 day
_gid

Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
Google HTTP 1 day
collect

Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels.
google-analytics.com HTTP Session
NID

Registers a unique ID that identifies a returning user\'s device. The ID is used for targeted ads.
google.com HTTP 6 months

They allow us to track users through the site and display targeted ads.

#-#

Nerazvrstano
youtube.com HTML Session
iU5q-!O9@$

Registers a unique ID to keep statistics of what videos from YouTube the user has seen.
youtube.com HTML Session
LAST_RESULT_ENTRY_KEY

Used to track users interaction with embedded content.
youtube.com HTTP Session
PREF

Registers a unique ID that is used by Google to keep statistics of how the visitor uses YouTube videos across different websites.
youtube.com HTTP 8 months
remote_sid

Necessary for the implementation and functionality of YouTube video-content on the website.
youtube.com HTTP Session
requests

Used to track users interaction with embedded content.
youtube.com HTTP Session
TESTCOOKIESENABLED

Used to track users interaction with embedded content.
youtube.com HTTP 1 day
VISITOR_INFO1_LIVE

Nerazvrstano
youtube.com HTTP 180 days
YSC

Nerazvrstano
youtube.com HTTP Session
YtIdbMeta#databases

Used to track users interaction with embedded content.
youtube.com IndexedDB Persistent
yt-remote-cast-available

Used to track users interaction with embedded content.
youtube.com HTML Session
yt-remote-cast-installed

Used to track users interaction with embedded content.
youtube.com HTML Session
yt-remote-connected-devices

Used to track users interaction with embedded content.
youtube.com HTML Persistent
yt-remote-device-id

Used to track users interaction with embedded content.
youtube.com HTML Persistent
yt-remote-fast-check-period

Used to track users interaction with embedded content.
youtube.com HTML Session
yt-remote-session-app

Used to track users interaction with embedded content.
youtube.com HTML Session
yt-remote-session-name

Used to track users interaction with embedded content.
youtube.com HTML Session

More details on how we use cookies read in our Cookie policy