10. 09. 2022.
Who are we
The leading service providers in the field of information security for companies, institutions, and other organisations, irrespective of their size and industry. We exist since 2007 and our registered seat is in Zagreb.
We are Diverto d.o.o. (hereinafter: We or Diverto or the Data Controller) and pursuant to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), which entered into force on 25 May 2018.
Why do we collect personal data
As the Data Controller, we are obliged to inform you about the reasons why we collect personal data. By visiting our websites and voluntarily providing your e-mail address, we are able to contact you.
Considering the above-mentioned and the possibility of sending your personal data to us by e-mail, we list some of the possible situations and processing purposes below:
1. Inquiries regarding the services we offer
When contacting Diverto and asking for information regarding the services, your data (name and surname, address, e-mail address and possible telephone number) can be used based on the legitimate interest of Diverto to develop the relationship further and possible conclusion of a service contract. The data shall be kept for 2 years in case a contract is not concluded or 11 years from the last executed transaction under the contract.
2. Inquiries regarding business cooperation
When contacting Diverto and asking for information regarding the services, your contact data (name and surname, address, e-mail address and possible telephone number), as well as the description of the desired cooperation shall be for the purpose of carrying out pre-contractual actions and concluding a contract, for the purpose of developing the relationship further and possible conclusion of a business cooperation contract. The data shall be kept for 2 years in case a contract is not concluded or 11 years from the last executed transaction under the contract.
3. Employment requests
Diverto collects data about job candidates solely based on open recruitment competitions which it publishes through verified partners (MojPosao). Either way, if you decide to contact us and you want to work for us and with us, your contact data (name and surname, address, e-mail address and telephone number, as well as the attached CV) can, based on the legitimate interest and later legal obligations, be used for the purpose of the employment procedure. The data shall be kept for 6 months in case the employment relationship is not concluded or if it is, pursuant to the provisions of the Labour Act.
4. Subscriptions to new blogs
In accordance with the consent you provide, we use your e-mail address to send notifications about new blogs and possible notifications regarding the services connected to the content of the blogs. You can cancel the subscription to the notifications at any moment by sending an e-mail. The data shall be kept until the consent is withdrawn.
5. Subscriptions to new periodical reports on the state of the information security
In accordance with the consent you provide when subscribing, we use your e-mail address to send notifications about new reports. You can cancel the subscription to the notifications at any moment by sending an e-mail. The data shall be kept until the consent is withdrawn.
6. General inquiries
After receiving a general inquiry, we shall first determine the nature of the inquiry and if it contains personal data, we shall process it in accordance with this Policy. The data shall be kept for 6 months.
Cookies and analytics
Contacts through social networks
Diverto is active on social networks and you can contact us through those networks. If you decide to contact us through social networks, we shall determine the nature of your inquiry and if it contains personal data, we shall treat them in accordance with this Policy.
- Facebook - https://www.facebook.com/privacy/explanation
- LinkedIn - https://www.linkedin.com/legal/privacy-policy
- Twitter - https://twitter.com/en/privacy#update
- Reddit - https://www.redditinc.com/policies/privacy-policy
Where do we keep personal data?
Your personal data is safe with us. The personal data that we collect is kept solely in our internal company infrastructure which is protected from unauthorised access, modification, or destruction of data in appropriate ways. Our internal infrastructure is constantly monitored by our colleagues who specialise in the field of network activity monitoring and incident response.
Who can access your personal data?
Your personal data can be accessed solely by authorised Diverto
employees or other recipients solely according to a legal
obligation/substantiated request of the authorised public body. Your
personal data is not exchanged outside the borders of the European
The data about your e-mail addresses collected for the purposes of subscribing to our new contents is forwarded to our partners (Mailchimp) who act as the Data Processor and safeguard your data in accordance with the data processing agreement.
Your data will not be kept longer than necessary nor longer than it is stated in the chapter “Why do we collect data”.
How do we protect your personal data?
Information security is the basis of our business and we undertake
appropriate technical and organisational measures in order to minimise
the danger of unauthorised or illegal disclosure, access, accidental
or illegal loss, destruction, modification or damage of your personal
data. Our integrated information security and quality management
system has been certified by independent assessors and guarantees
additional security of your personal data.
All authorised personal data recipients access personal data in accordance with the roles, the responsibility and allocated authorisation which is assigned to those roles. The access is monitored on a regular basis and the rights are adjusted according to checks.
Our employees constantly improve their knowledge in the field of information security, as well as in the field of personal data protection. Numerous certificates of our employees from all main areas of information security and cybersecurity are proof of that.
Your personal data - your rights
Depending on the purpose of the processing of personal data, you have the following rights regarding personal data, pursuant to the personal data protection legislation in force:
- the right to be informed about the processing of your personal data,
- the right to access your personal data,
- the right to rectify your personal data,
- the right to delete your personal data which does not need to be permanently stored in accordance with legal obligations of Diverto as Data Controller,
- the right to limit the processing of your personal data in accordance with legal obligations of Diverto as Data Controller,
- the right to submit a complaint to us or to the supervisory authority (Croatian Personal Data Protection Agency).
How can you contact us?
You can contact us at any moment if you wish to access the personal
data which we collect about you or if you wish to exercise your
rights. You have the right to submit a complaint to us and to the
competent data protection supervisory authority if you consider that
we are doing something wrong.
Requests, complaints or inquiries which are related to the processing and protection of personal data can be sent to the e-mail address firstname.lastname@example.org
When contacting and submitting requests in accordance with the mentioned rights, we shall make reasonable efforts to determine your identity and prevent unauthorised processing of personal data. Every request/inquiry you submit shall be resolved as soon as possible, but no later than 30 days from the date of receipt.