Notice regarding personal data protection by NATURALIS d.o.o.

The purpose hereof is to inform you, as employee or candidate interested in employment with the company NATURALIS d.o.o., of the processing of your personal data. The data controller is NATURALIS .d.o.o., Civljane, Ivetići 1, IIN (OIB) 19514005057, represented by Hrvoje Godinić, Director.

Personal data categories


• Given and family name
• Personal number of insured person (pension insurance, health insurance),
• Date of birth
• Sex
• Permanent or temporary residence address
• Phone number
• Email address
• Professional qualification
• Highest level of education completed
• IBAN and copy of current account
• Personal ID card copy
• Given and family name of dependants and their PIN (OIB) (PK)
• Years of service (history)
• Amount of gross salary
• Nationality
• Job title and job description, date of employment contract, employment status (permanent or fixed term), working hours (full time or half time), all written arrangements with the employer
• Data on additional educations and trainings
• Data on salary and salary category; bonuses; remunerations; employee benefits and costs
• Data required for payroll purposes (obligatory contributions, taxes and surtaxes)
• Data on business travel and reports on related costs, information regarding company credit cards
• Records on attendance at work, vacations and leaves of absence
• Certificates of work capability
• Sick leave records (other than data on mental and physical health)
• Data on the form of cessation of employment (including reasons of cessation)
• Data on family members / dependants and other users of rights, including their full name, date of birth / age, sex, personal identification number and personal number issued by state authorities (HZMO, HZZO etc.)
• Information stored in the employer’s electronic systems that you use (such as data on accessing and identification and websites visited)
• Video surveillance at the Company’s premises (Solin, Koprivnica, Ludbreg, Silaš).

Legal grounds for data processing (employees)

Legal grounds for data processing are the implementation of the employment contract and the related rights and obligations of either the data controller or the data subject arising from labour law and rights and obligations related to labour law (pension insurance, health insurance, tax obligations) as well as legitimate interests including the recruitment and employment of qualified employees, assessment of employees’ work performance, deciding on remunerations and benefits for employees, protection of data and property security, employee safety and acting in compliance with other statutory obligations. Legal ground for video surveillance at Company premises is to exercise the data controller’s legitimate interest from Art. 6, item 1 (f) of the General Data Protection Regulation.

Employment candidates

• Full name, date of birth, PIN (OIB), state of birth, nationality, sex, phone number, residence address, email address
• Prior work experience, data regarding education and training, qualifications, certificates, expert knowledge and skills as well as experience (including all information provided by you in your CV, job application and during the job interview).

Legal grounds for data processing (candidates)

Legal grounds for processing candidates’ data are legitimate interests including the assessment of candidates’ qualification for the job and verification of their work experience and employment history.

Purposes of processing

Personal data of employees are used for the following purposes:

• Exercising rights and obligations arising from and related to employment
• Organisational planning, development and management
• Managing and running projects
• Managing and planning workforce
• Filling vacancies, including the planning of human resources and terminating employments
• Managing employees’ work efficiency, such as assessing performance/efficiency, deciding on performance-based rewarding and taking measures in case of breach of obligations arising from employment and deciding on requests for protection of rights, objections and complaints
• Employee training and development, education, professional qualification, support and certification
• Protection of employee health and safety and security of work premises
• Acting and following up in case of injury at work
• Monitoring absence from work
• Managing employees’ requests for vacations and leaves of absence
• Planning and managing payroll and other material rights of employees by accounting and paying contributions, taxes and surtaxes and other payments related to employees’ status
• Managing ways of cessation of employement
• Internal investigations and reviews and managing risks and compliance of activities
• Detecting and preventing fraud
• Meeting obligations in legal proceedings and investigations conducted by official authorities, including keeping information and data related to the subject matter of such proceedings and investigations
• Planning and managing the company’s funds
• Managing costs, including company credit cards, expenses, purchasing processes and fees
• Collecting contact data for emergencies and contact data of beneficiaries
• Approving, granting, managing, monitoring and withholding access to or use of electronic systems, equipment, records, property and infrastructure.

Personal data of job candidates are used for the following purposes:

• Assessment of acceptability of employing candidates
• Checking and verifying references and qualifications provided for potential new employees, to the extent permitted by applicable law.

Categories of recipients of employees’ personal data

In order to provide for efficient operations, we may use third party services to help us run the business or perform certain activities on our behalf, such as safety at work services, bookkeeping services, storage of data; employee insurance services and the like. We or our service providers – third parties may use your data for some other lawful purposes, eg. for the purposes of mandatory pension insurance, tax returns, organisation of educations and trainings, business travel arrangements or checking specific competencies (eg. mandatory drill in case of fire), for mandatory medical checks and in other cases provided by the law. We can only share your personal data with such third parties for the purpose of enabling them to provide their service. We require our service providers to protect the confidentiality of your personal data by applying appropriate security measures and only allow them to process personal data in the way approved by us.

Keeping personal data

We shall keep employees’ personal data over the course of their employment and during the period stipulated by labour laws and regulations after cessation of the employment or, in case of voluntary provision of data, for a period of 6 years upon cessation of the employment. Data of job candidates are kept as long as the recruitment process is under way, unless the candidate becomes an employee and his/her data are considered to be personal data of employees in compliance herewith.

Your rights

With regards to the processing of your personal data, you have the following rights:

(i) right to be informed about the processing of your personal data;
(ii) right to request access to your personal data;
(iii) right to request for your personal data to be corrected or erased;
(iv) right to complain against the processing of your personal data;
(v) right to request portability of your personal data;
(vi) right to file an appeal with the Personal Data Protection Agency of the Republic of Croatia.

In case any personal data of employees or candidates should be collected on a voluntary basis (by way of consent), we shall timely and fully inform the employee or candidate thereof and request their consent in compliance with GDPR. In such case the data subject shall have the right to renounce (withdraw) the given consent, which shall have no impact on the lawfulness of processing the respective data prior to withdrawal.

In case you would like to exercise any of these rights, you can send the appropriate request to the following address:

Attn: Board Member
Address: Civljane, Ivetići 1
Contact of the Personal Data Protection Officer: