With these general rules company INTERIGRE d.o.o. Zagreb, Karlovačka cesta 36B, OIB: 57930981912 (in text below INTERIGRE) regulates general terms for concluding contracts and rules for collection, processing and protection of personal data from business partners (“B2B”, business to business): natural persons, independent professionals, artisans, responsible persons of companies, legal and other representatives of business partners or any other person entering into a business relationship with processor, INTERIGRE.
For purpose of these rules, ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
A business partner is any natural person who concludes or is about to conclude contract with INTERIGRE, which requires collection and processing of personal data, and as such is considered data subject in regard to General Data Protection Regulation from 27.04.2016 (EU 2016/679).
INTERIGRE, as data processor, before collecting any of your personal data, gives following information in accordance with Art. 13 of General Data Protection Regulation from 27.04.2016 (EU 2016/679):
1. Data processor:
INTERIGRE d.o.o. Zagreb, Karlovačka cesta 36b, OIB: 57930981912,
2. Data Protection Officer
Ivan Šarac, Zagreb, Karlovačka cesta 36b,
3. Personal data collected and legal basis
INTERIGRE, on the basis of its legal obligations, for the purpose of contract execution, intention to conclude contracts or business negotiations may collect following personal data: name and surname, residence, date and place of birth, personal identification number, identification document number, id and name of identification document issuer, financial and solvency data (Bon 1, Bon 2, Sol 2), JMBG, real estate and movable property information, insight / scan / copy of identification document, certificate, certificate of accomplished education or speciality vocation
data from professional and craft registers, data on qualifications, special qualifications, vocations, data that is listed on blank debentures, debit notes, bills of exchange
All these data are kept for a period prescribed by a relevant law, or while needed for contract fulfilment purpose, and will be deleted after this period. If client refuses to provide above-mentioned data that is collected on bases of legal obligations or are necessary for contract fulfilment purposes, INTERIGRE reserves the right to refuse concluding contract with business partner.
3.1. Based on obligation to conduct in-depth analysis of the party prior to entering into business relationship, under the Anti Money Laundering and Terrorist Financing Law, we are required to collect the following information:
1. for natural person, assignee, legal representative: name and surname, place of residence, day, month and year of birth, identification number, name and identification document number, name of country that issued identification document and citizenship / nationality
2. for natural person to whom the transaction is intended: name and surname, residence and identification number of natural person if such information is available
3. for crafts and other self-employed activities:
a) name, residence (street and house number, place and state) and identification number of the craft and a person who carries out another independent activity when establishing a business relationship or carrying out other independent activities establishes a business relationship or performs transactions
b) name, residence (street and house number, place and state) of the carft and a person who carries out another independent activity to which the transcation is intended and the identification number of the craft and the person carrying out other independent activity only if information is available
4. for the real owner of the party: name and surname, country of residence, day, month and year of birth and citizenship / nationality
5. the purpose and intended nature of the business relationship, including information on the activities of the party
6. date and time of establishment of a business relationship
7. the date and time of the transaction's execution, the amount and currency in which the transaction is to be performed, the manner in which the transaction is executed, and when the payer on the basis of the risk assessment carried out in accordance with the provisions of this Act and on the basis of the by-laws adopted on the basis thereof, establishes a high risk of money laundering or terrorist financing, purpose of the transaction
8. the source of funds that are or will be the subject of business relationship
9. the source of the funds that are or will be the subject of the transaction
10. other data on transactions, remedy and persons in accordance with Art. 20. In conjunction with Art. 56 and 57 of the Law on Prevention of Money Laundering and Financing of Terrorism.
These data are kept for a period of 10 years from the date of termination of the business relationship, which is determined by the Anti Money Laundering and Terrorist Financing Law.
What are cookies?
The cookie is part of the information stored on your computer, cell phone or tablet, which can be delivered directly from the web site you visit (first-party cookies) or in collaboration and for the needs of third-party websites (third party cookies). Cookies usually save your settings, web site settings, etc. Once you open a webpage again, your web browser sends back the cookies that belong to this site. This allows the page to display information tailored to your needs. Cookies can have a wide range of information, including a piece of personal information. This information can be saved only if you enable it. The same web site can not access the information that you have not provided and can not access any other file on your computer.
How to disable them
If you want to disable the saving of cookies on your computer, you can do it. The act of blocking itself may have a negative impact on the use of the website. To disable cookies, you need to set the settings and configurations of your web browser. In the browser menu, select help and information about the cookies and follow the instructions.
Temporary cookies or cookies are removed from your computer when you close your browser. With them, websites store temporary dana.
Permanent or saved cookies remain on your computer after you close the Internet browser program. With them, websites store information such as login name and password, so you do not have to sign in for each visit to a particular location.
Third Party Cookies
Third party cookies set up external organizations we use our services. These cookies are set for the normal functioning of certain features that make it easier for users to access content. We currently have Google Analytics visit metrics for cookies
4. Purpose and processing of personal data:
Data is processed fairly and legally, and is not collected in greater extent than necessary.
Personal Data of a Business Partner INTERIGRE collects and processes in cases determined by law, and / or with the Client's privilege for the purpose for which it has been granted and / or for the purpose of concluding and executing a contract concluded between the Business Partner and INTERIGRE, as well as in other cases determined by law.
Collected personal information is used for:
providing our services / contract execution
identification purposes and checks
statistical analysis and research
regulatory and legislative compliance
fight against money laundering and terrorist financing
marketing, profiling and market research
protection of the rights and property of INTERIGRE d.o.o.
Processing of personal data listed in Art. 3. these rules are dealt with by the automated processing of personal data, and the processing manager has no technical ability to handle the data otherwise, which is why authorization for automated data processing is a precondition for the conclusion of the contract.
5. Personal data recipients and processors of personal data
INTERIGRE, as the head of personal data processing, has concluded technical cooperation agreements with processing executives and companies:
1) NOVOMATIC Gaming Industries GmbH, OIB: 50596559970, 2352 Gumpoldskirchen, Wiener Str. 158, the Republic of Austria,
2) HRS Zagreb Hospitality and Retail Systems d.o.o.Trg Krešimira Ćosića 9, 10000 Zagreb
The Client gives privilege that INTERIGRE, its employees, affiliates and partners may collect, process, transmit and share personal data of the client (s) and all personal data listed in this policy. The Client gives privilege that INTERIGRE may transfer the personal data of the client (the respondent) and transfer all personal data listed in this Rule to one of the countries of the European Union, on the basis of concluded contracts with processing executives.
6. Protection of Your Personal Information
Pursuant to the Personal Data Protection Act, the prescribed technical measures and procedures have been undertaken, supervision of the access to personal data provided to authorized persons only. Data collection and processing uses the latest security architecture including servers, databases, backups, firewalls, encryption, monitoring systems, and access control systems, both physically and programmatically, to ensure protection against loss or abuse of your data.
6.1. Physical data protection
1) The company's premises are protected by technical protection, which includes the presence of physical security personnel at the company's headquarters where the servers are located and on casino locations. In addition to physically present staff, security services are available on call or by reaction to automatic alarms appearing in their alert center, after which the security guards leave the field. All locations are equipped with alarm systems and accompanying sensors. Also, as part of the alarm system at all locations, there is also the possibility of manual activation of the silent alarm.
2) Within the locations where the data centers are located, there is physical and digital control of the physical access to the protected areas.
3) The server data storage device is located in the server rooms that are protected by the methods mentioned above and are additionally contained within the enclosed locker cabinets. Data is periodically archived to physical media for permanent storage. Such media are stored in the safes, which are themselves housed inside the sheltered premises.
4) Business premises, especially storage room areas (server rooms, etc.) are protected by fire protection, which includes smoke detectors, fire alarm system, and fire extinguishing systems, while servers are secured against a drop in voltage and unaddressed power supply failure using a continuous power supply system. The primary mode of protection is UPS (Uninterrupted Power Supply) inside a server cabinet, as well as generators that fall due to a long power outage.
6.2. Digital data protection
1) Passwords as a general digital protection mechanism are used on multiple levels within a complete information system - for access to a computer, a particular system, subsystem, application, database, protected files, archival copies, additional rights, etc. Password Complexity Policy and Periodic Policies Changes are required separately for separate applications and systems.
2) A firewall is used in all network-wide network locations, as part of available network protection, and on individual computers, either within the operating system or additional applications installed on a single computer or server.
3) The rules for online traffic are defined for each computer and network separately, depending on the communication requirements of the systems located on those computers and networks, and the access to the databases only have authorized persons.
4) Antivirus protection is used in all locations at the level of complete networks, as part of available network protection, and on individual computers, either within the operating system or additional applications installed on a single computer or server.
Protection includes systems for preventing viruses and other malicious applications, scripts and parts of the program code, sending or receiving such applications, etc. In addition, antivirus protection includes blocking the communication of certain content via email communications, and checking the content of the email automatically communications and automatically blocks any unwanted communications, whether outbound or inside protected systems.
5) On all business-critical systems, and where legally prescribed, backups are made on a regular basis. These systems include automatic continuous storage of all changes, periodic storage, archiving of data, etc. Periodic copies and archives are stored on irreversible media (WORM) that are certified for long-term storage and are stored in a safe located in areas that meet the archiving requirements.
6) When connecting two or more remote locations, VPN (Virtual Private Network) tunnels are used to protect network communication. Any traffic within such a VPN tunnel has been encrypted and is not available to network users outside the two networks that are associated with that VPN tunnel.
7) Computer access to all systems is limited in several ways. Protection methods include, inter alia, limitation of access rights at user account level, and access to databases is allowed only to authorized persons. Among other things, these systems protect against unauthorized access, installation of unwanted applications, unintended loss of data, etc.
Where possible, computer systems implement system redundancy, both at the physical level of equipment, as well as at logical and digital levels. Redundant systems act in a way where in the event of a termination of one part of the system the functionality takes over the other equivalent part of the system.
7. Privacy of data
Customer Data td INTERIGRE, together with the information that td INTERIGRE has learned about when providing services as well as doing business with clients, that is considered a business secret, and INTERIGRE can only be disclosed in cases that are legally required.
The head of the collection is obliged to pass on personal data collected on the basis of legal obligations to a particular state body within their legal authority. These may be: the Ministry of Finance, the Tax Administration, the Money Laundering Office and other public authorities.
8. The rights of the respondent
8.1. Each of client in accordance with Art. 15 - 22 of the General Regulations on the Protection of Personal Data of 27.04.2016. (EU 2016/679) provided that:
1) from the head asks for access to personal data and correction or deletion of personal data, all in accordance with the provisions of these Rules and the legal provisions.
2) from the head asks for the restriction of treatment pertaining to him as a respondent, all in accordance with the provisions of these Rules and the legal provisions.
3) invest complains about the processing of personal data, including the use of personal data for direct marketing purposes and automated decision-making including the creation of a profile, all in accordance with the provisions of these Rules and the legal provisions.
4) from the head requests the transfer of personal data related to him, all in accordance with the provisions of these Rules and the legal provisions.
5) recall at any time its personal data processing privileges as set out in Art. 3.1.3. and 3.2.2. these rules.
Withdrawal of clients consent doesn’t affect legitimacy of processing of his personal data prior to withdrawal.
8.2. For all questions, complaints, applications, as well as exercising of their rights related to the protection of personal data as set out in the Regulation and the preceding Article, the Client may contact the Personal Data Protection Officer or the Processing Manager via e-mail at email@example.com or in writing at the address: INTERIGRE doo, Karlovačka cesta 36b, 10 020 Zagreb, as well as submitting the requests at the branch offices.
At any time you can contact us and view, change, or modify these details in accordance with your laws.
8.3. At any time, the client has the opportunity to file a complaint with the supervisory for the protection of personal data:
Agencija za zaštitu osobnih podataka (AZOP)
Martićeva ulica 14, 10000 ZAGREB
In Zagreb, May 14th, 2018